I'm assuming this has something to do with the eternity server/black_net discussion that has been going on. So I'll take a stab at it, not that it may make any sense in the actual context ...
- You generate the code and sign it
- You deliver the signed code to a data haven server of some architecture (note that you don't know where it is or who runs it, I'll assume you use some particular usenet newsgroup as your drop point)
- Somebody else comes along and sees a list of available items and selects yours (again through a usenet based request mechanism).
- They receive the code signed with 'your' key and decide they want to verify the signing (through yet another usenet channel).
The problem with this model is in the second step. What is to keep them from removing your signatory, moding the code, and then resigning it. If
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 02:35 AM 1/15/98 -0600, Jim Choate wrote: the
recipient desides they want to check the sign they have two choices:
- select an anonymous key that has been previously stored on some sort of key server.
(if they are running a eternity server blind they could be running a key server blind as well, it follows that at least some of the users of your software wanting to verify the signing will go to this server and hence have corrupted code, if we're using the usenet model this is even more likely since they could be running a feed point for other usenet feeds downstream and hence capture many if not all requests for the product, especialy if they were the only server to actualy carry a copy.)
- contact you the author directly (I'm assuming of course you were silly enough to put a publicly available key directly traceable to yourself on it in the first place) in which case they simply intercede from a upstream tap and verify their request in your behalf.
In either case there is no guarantee that what comes off the server is what you the source put on there. Hence the long term security of the key is compromised. In particular, in the second case, since they already know who provided the illicit data to the server there motive is clearly to track the users. This breaks the anonymity of the data haven.
Implicit in a workable data haven model is the goal of both source and sink anonymity. This means that any signed data on the server must provide a mechanism for the user to verify the sign by access to a suitable key to generate the appropriate hash and compare it to the one that the server delivered. If they match you should have the correct unadulterated document.
Jim, there are > 2 parties in the matter being discussed: the author of the item (who wishes to remain anonymous), the person who wishes to use the item (who probably wishes to remain anonymous), and N reviewers/authenticators of the item, who may or may not wish to be anonymous. In the case of the reviewers, signature verification may be possible outside of the BlackNet/Eternity structure. For example, I could look at the source for Joes Awesome CryptoKillerApp, or the latest manual from GunzenBomz Pyro-Technologies, and sign the files indicating that I cannot find any security flaws or that I tried some of the "recipes" and blew up a local pedophile's house. My key is publicly available at the MIT keyserver; it has been since PGP 5.0 came out. I have posted hundreds of times to Cypherpunks; most of these posts have been signed with my key and include the fingerprint of my key. It would be fairly difficult for any attacker to forge a signature with a false key; it would involve either rubber-hosing my passphrase, changing history on all the Cypherpunks archives (including any on the item end-user's machine and on the machines of all the Cypherpunks they correspond with), or re-creating my private key from my public one. A similar situation exists for other entities that customarily sign their posts, such as Bill Geiger, Monty Cantsin (assuming he ever got around to posting his public key), Nerthus, etc. "Certified by #314159" does not in itself inspire confidence, but if hundreds of signed writings by #314159 exist, such that #314159 has high reputation capital, it begins to do so, assuming that #314159's passphrase hasn't been rubber-hosed or otherwise compromised. -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQA/AwUBNL/DK8JF0kXqpw3MEQL3agCdGY2Zj4lCoJjW+PRSyoc0Vyvd48cAoMwl 8ePeJ0Dbka+Jel+n1zSf+Zl/ =mG+m -----END PGP SIGNATURE----- Jonathan Wienke PGP Key Fingerprints: 7484 2FB7 7588 ACD1 3A8F 778A 7407 2928 3312 6597 8258 9A9E D9FA 4878 C245 D245 EAA7 0DCC "If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you. May your chains set lightly upon you; and may posterity forget that ye were our countrymen." -- Samuel Adams "Stupidity is the one arena of of human achievement where most people fulfill their potential." -- Jonathan Wienke Never sign a contract that contains the phrase "first-born child." When the government fears the people there is liberty. When the people fear the government there is tyranny. Those who live by the sword get shot by those who don't. RSA export-o-matic: print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`