Re: Cypherpunks@hks.net service
From: cactus@bb.hks.net
The cypherpunks@hks.net service is now available.
It will sign any message sent to cypherpunks@hks.net with its (currently 384 bit) key and forward the signed message to cypherpunks@toad.com.
No offense, but what's the point? What's next, automated key-signing services? Is this just intended to help people who can't sign easily to get around Eric's proposed requirement? If so, it seems like almost an embarrassment--someone setting up a meaningless message signer to spoof the cypherpunk server, which it does easily. Doesn't sound too good to me. --Dave.
From: dmandl@bear.com What's next, automated key-signing services? Yep. There are two purposes to signing a key. The first is to fix a bit pattern and have an assurance that it hasn't changed. The second is to attest to the mapping between a key and some entity. PGP, for example, very explicitly does both. It asks you when you sign a key if you're sure that the person is who is advertised. I consider this behavior broken, not the least because it's hostile to pseudonymity. This hardcoded policy hinders the use of PGP in other contexts. For email-only social contact (i.e. legally uninvolved) the attestations of personal mapping are unnecessary and sometimes downright undesirable. Some people may want them, true, and there will be a need for that mechanism, but it should not be the only choice available. An automated key-signing server can affix a sequence of bits perfectly adequately. So can digital timestamping algorithms, but they are not generally available. Suppose the existence of just two auto-signing servers. I, a pseudonym, send my key to each of these servers and get back a two signatures on my key. It is unlikely now that someone can spoof my key. The distribution for the signing keys of these servers must be done right, but since there are fewer auto-signing servers than things signed, more effort can be taken to do this, for example, by publishing some hashcodes in a book. Eric
-----BEGIN PGP SIGNED MESSAGE----- To: dmandl@bear.com cc: cypherpunks@toad.com Subject: Re: Cypherpunks@hks.net service
No offense, but what's the point? What's next, automated key-signing services? Is this just intended to help people who can't sign easily
Actually, I've already written an automated key signing service. It is called PGPSign, and it uses Kerberos authentication to verify a request to sign a PGP key. It will match the Kerberos identity with the PGP UserID, and given some equivalence (which is a fuzzy thing to explain right now), it will either sign the key or refuse to sign the key. Jeff Schiller and I have written a paper which will be presented at the Winter Usenix conference on the topic, and we plan to make the code available, once I write some documentation for it! There is a good point to this. We are using the already-in-place Kerberos Infrastructure to generate an MIT Certification Authority. The MIT CA is a loose authorization, meaning that it assumes that only you have your password.. This solves the PGP web problem of needing everyone to sign everyone else's key. We plan to make the MIT Keysigner key widely distributed, and ask that everyone trust that key to sign other keys. - -derek -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBuAwUBLt906Th0K1zBsGrxAQEAGgLEDjk8s0CSXZULuhrytEQYhiWFA++qwzZE xMedY2vXFNUOkOzxoYwTpTopYUUOAse3bbPLtSfJYJAjnQtxetUiHBH/JmryXu6W Upu9KNqLZyotVJQarTOvxUA= =Nsm2 -----END PGP SIGNATURE-----
On Fri, 2 Dec 1994, Derek Atkins wrote:
everyone to sign everyone else's key. We plan to make the MIT Keysigner key widely distributed, and ask that everyone trust that key to sign other keys.
It seems strange that people would be expected to trust a key to sign other keys, just because somebody (even Derek, whom I have a measure of respect for) asked them to. I trust a key to be an introducer if and when I am sure that a signature by that key means that the signed key belongs to the identity (be it "real" or a 'nym) it claims to represent. Authentication via Kerbie may or may not indicate this. Such a signature would give some information that I might use to make decisions on whether or not to trust the new key, but it certainly would not be trusted if it was the only signature. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner@primenet.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------
From: Christian Odhner <cdodhner@PrimeNet.Com> I trust a key to be an introducer if and when I am sure that a signature by that key means that the signed key belongs to the identity (be it "real" or a 'nym) it claims to represent. There is a qualitative difference between a real identity and a pseudonym identity. A real identity has a body attached to it and a pseudonym identity does not. The phrase "belongs to" cannot be used in the same sense for both of these, and the failure to discriminate between them is a fallacy. With a pseudonym, the identity _is_ the key. All you need to do is to ensure that the pattern of bits in the key does not change during distribution. As far as an MIT autosigner, the signature will simply represent a reduction to the trustability of the MIT account assignment procedure. This is not a reduction to bodily identity and should not be construed as such. In fact, a MIT autosigner is exactly what I was talking about when I advocated that communication provider sign keys. (Good work as usual, Derek.) The signature here represents an attestation that a given key (that is, a given identity) can be reached through a particular mailbox. Almost all email is effectively pseudonymous already, even if there is a shadow of the procession of bodies behind the email. It makes good sense to speak of mailing to a key; this is the logical operation of creating an informational space accessible only to the holder of a secret. A mailbox is merely a physical and technical means for reaching that space. Eric
On Sat, 3 Dec 1994, Eric Hughes wrote:
From: Christian Odhner <cdodhner@PrimeNet.Com>
I trust a key to be an introducer if and when I am sure that a signature by that key means that the signed key belongs to the identity (be it "real" or a 'nym) it claims to represent.
There is a qualitative difference between a real identity and a pseudonym identity. A real identity has a body attached to it and a pseudonym identity does not. The phrase "belongs to" cannot be used in the same sense for both of these, and the failure to discriminate between them is a fallacy.
I understand the difference and was not attempting to equate the two, just save a few words.. :)
As far as an MIT autosigner, the signature will simply represent a reduction to the trustability of the MIT account assignment procedure. This is not a reduction to bodily identity and should not be construed as such.
That's the point I was trying to make, only you said it a little better.
Derek.) The signature here represents an attestation that a given key (that is, a given identity) can be reached through a particular mailbox.
*THAT* is the usefullness that I hadn't realized. Thanks for pointing it out. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner@primenet.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------
participants (4)
-
Christian Odhner -
Derek Atkins -
dmandl@bear.com -
eric@remailer.net