Bob Stratton suggests we hash out ideas on key signing protocols. Ok, here is what I do:

I sign keys only when I am certain that the key belongs to the human who claims to have the name on the key. There are not a lot of keys signed by me floating around, maybe six total.

My sig does not mean that the key is not owned by a cop or NSA/CIA/KGB agent (Unlike Edgar's service) because I can't tell. So if you care about that stuff, start your own web of trust with "higher" standards.

My sign doesn't mean that the person is really who they claim to be, I can't tell that either. I've signed the key of a guy claiming to be "Ray Kaplan" because I believe that he uses that name regularly. But I don't know that his name isn't really Boris Badinov.

You won't find my sig on Phil Zimmermann's key, even tho that is a popular activity. Phil is a Net/Ether person to me. My sig means that there is a real person with that name.

I was at NCSC and exchanged keys there. I'll be at CFP-3 and exchange keys there too. And if you are in my area, (suburban Wash DC) we can meet and exchange keys.

I see no reason to hurry. A slowly growing web of trust that is strong is far more useful than an exploding web of trash.

Pat

Pat Farrell, Grad Student pfarrell@cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
PGP key available via finger or request
#include standard.disclaimer
Write PKP. Offer money for a personal use license for RSA.
Date: Mon, 30 Nov 92 08:32:45 EST
From: pfarrell@cs.gmu.edu (Pat Farrell)

   I sign keys only when I am certain that the key belongs to the human who claims to have the name on the key. There are not a lot of keys signed by me floating around, maybe six total.....

Ah, but how do we know that it's really you making this statement, and not some evil NSA spoofer?

What people need to do is to make their key-signing policies available _signed_ with their private key; that way at least we would know that the entity signing the keys and the entity claiming that this is its policy are the same.

This helps, but we would then still need to trust that the entity is telling the truth insofar as its key-signing policy is concerned.

- Ted
<tytso@ATHENA.MIT.EDU> allegedly (:-) writes:
>> key-signing policies available _signed_ with their private key; that

I noticed in the pgp docs that there is a "signature classification field" which has a (rather small) set of reserved values, only one of which is actually implemented:

10 - Key certification, generic. Only version of key certification supported by PGP 2.0. Material signed is public key pkt and User ID pkt.
11 - Key certification, persona. No attempt made at all to identify the user with a real name. Material signed is public key pkt and User ID pkt.
12 - Key certification, casual identification. Some casual attempt made to identify user with his name. Material signed is public key pkt and User ID pkt.
13 - Key certification, positive ID. Heavy-duty identification efforts, photo ID, direct contact with personal friend, etc. Material signed is public key pkt and User ID pkt.

>> we would then still need to trust that the entity is telling the truth

I think we probably need a similar "web" certifying operational procedures. (That is, I believe, one thing that the PEM hierarchy claims to provide -- the institutional signature providers are audited, etc. to guarantee that they provide the claimed level of security.) Some people trust my signatures more than other signatures because I'm already known to be somewhat "paranoid" w.r.t. security matters...

_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
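
The classification byte listed in the message above sits in the fixed header of every signature packet, so a verifier can filter certifications by the identification effort the signer claims. The following is an added example, not part of the thread or of PGP's own code: it assumes the version 2/3 signature packet body layout later documented in RFC 4880 section 5.2.2, reads the listed values as hexadecimal, and uses hypothetical helper names, a hypothetical acceptance policy and constructed sample packets.

```python
import struct

# Signature classification byte values from the list quoted above (read as hex).
CERT_CLASS = {0x10: "generic", 0x11: "persona",
              0x12: "casual identification", 0x13: "positive ID"}
# Assumed ordering of identification effort; 0x10 makes no claim, so it has no rank.
RANK = {0x11: 0, 0x12: 1, 0x13: 2}

def parse_sig_header(body: bytes) -> dict:
    """Parse the fixed 19-byte header of a version 2/3 signature packet body."""
    if len(body) < 19:
        raise ValueError("truncated signature packet")
    version, hashed_len, sig_class = body[0], body[1], body[2]
    if version not in (2, 3) or hashed_len != 5:
        raise ValueError("not a version 2/3 signature packet")
    (created,) = struct.unpack(">I", body[3:7])
    return {
        "class": sig_class,
        "label": CERT_CLASS.get(sig_class, "not a key certification"),
        "created": created,
        "signer_key_id": body[7:15].hex().upper(),
        "pk_alg": body[15],
        "md_alg": body[16],
    }

def signers_meeting_policy(bodies, minimum=0x12):
    """Return signer key IDs whose certification claims at least `minimum`."""
    accepted = []
    for body in bodies:
        sig = parse_sig_header(body)
        rank = RANK.get(sig["class"])
        if rank is not None and rank >= RANK[minimum]:
            accepted.append(sig["signer_key_id"])
    return accepted

def make_sample(sig_class: int, key_id_hex: str) -> bytes:
    """Build a constructed header only; no real signature value follows it."""
    return (bytes([3, 5, sig_class]) + struct.pack(">I", 723000000)
            + bytes.fromhex(key_id_hex) + bytes([1, 1]) + b"\x00\x00")

# Constructed sample certifications, one per classification value.
SAMPLES = [
    make_sample(0x10, "00000000000000A1"),
    make_sample(0x11, "00000000000000A2"),
    make_sample(0x12, "00000000000000A3"),
    make_sample(0x13, "00000000000000A4"),
]
```

The classification is only the signer's own claim; the filter narrows which certifications are considered but does not replace verifying each signature or deciding whether the signer's stated procedure is believed.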
>> I see no reason to hurry. A slowly growing web of trust that is strong is far more useful than an exploding web of trash.

Precisely. I only sign keys when I've met the person physically, and had them tell me that yes, they have a PGP key, and yes, here are the lower bits (the keyid.) (The latter is a little weak, I look forward to the MD5 output version...) I keep keyid's in my "little black book" as well as my online keyring.

Also, because keys are a reasonable "proof" that one is using PGP, some people will only release their "public" keys to people they will correspond with anyhow. (At least one key on the recent cypherpunks key list was in that category.)

I have at this point signed keys of 6 people (the first three over dinner at a Chinese restaurant -- this didn't start a trend, unfortunately :-) I haven't signed John Gilmore's key (even though I work for him) since I haven't actually seen him in person, though I may get a chance to when I'm in California next week -- this will create a link between east-coast and west-coast signatures, though possibly not the first.

_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
   I have at this point signed keys of 6 people (the first three over dinner at a Chinese restaurant -- this didn't start a trend, unfortunately :-) I haven't signed John Gilmore's key (even though I work for him) since I haven't actually seen him in person, though I may get a chance to when I'm in California next week -- this will create a link between east-coast and west-coast signatures, though possibly not the first.

If you meet someone claiming to be John Gilmore, how will you know he's not an impostor?
<phr@napa.Telebit.COM> allegedly asks:

>> If you meet someone claiming to be John Gilmore,
>> how will you know he's not an impostor?

1) I've met him before. (I wouldn't, for example, sign Tim Jennings' key after meeting him for the first time at a cypherpunks meeting, since I'd have no other way of identifying him. You, on the other hand, may be someone I've met before (do you think so?) so I might...) I've interacted with him to a reasonable extent, both socially and technically (including one interview with John Markoff.)

2) He signs my paychecks -- which is "good enough", since the checks clear :-)

_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
participants (5)
- Eric Hughes
- Mark W. Eichin
- pfarrell@cs.gmu.edu
- phr@napa.Telebit.COM
- tytso@ATHENA.MIT.EDU