Senator Leahy's Public Key
The more I think about Senator Leahy's public key, the more I keep coming back to a point I only alluded to before. How do we know the key is actually his key? The key is only self signed. It could be a fake. If, as I have assumed, its primary use will be to sign public statements posted to the net, how will we know they are actually from Senator Leahy, and not some impostor? I strongly urge the senator to join the web of trust and get some other signatures on his key. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
Bill Frantz said:
The more I think about Senator Leahy's public key, the more I keep coming back to a point I only alluded to before.
How do we know the key is actually his key?
The key is only self signed. It could be a fake. If, as I have assumed, its primary use will be to sign public statements posted to the net, how will we know they are actually from Senator Leahy, and not some impostor?
I strongly urge the senator to join the web of trust and get some other signatures on his key.
Actually, I've been thinking about this, and how do we *really* know that *anyone's* keys are actually theirs? I'm new to this list and have been collecting some of the keys from people who post with PGP signatures, but even at that, I never certify them myself because I am not 100% absolutely certain that the key in question belongs to that person. After all, what if some clever hacker dropped in and replaced someone's .plan file, or edited their index.html file? There's no real way to be absolutely certain. How certain are we that the keyservers are 100% bulletproof? Hell, I could call Joe Schmoe up and say "tell me your fingerprint", but how do I *really* know I'm talking to Joe unless I knew him before getting his signature? Just some thoughts about some of the basic flaws in this sort of system. BTW, I collect the signatures because I have a patched version of Elm which goes out and automatically tries to verify all PGP signed messages, and it's kind of annoying when it can't find the signature (all sorts of junk goes sprawling up my screen).
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
-- Matt Smith - msmith@unislc.slc.unisys.com "Nothing travels faster than light, with the possible exception of bad news, which follows its own rules." - Douglas Adams, "Mostly Harmless" Disclaimer: I came up with these ideas, so they're MINE!
Actually, I've been thinking about this, and how do we *really* know that *anyone's* keys are actually theirs? I'm new to this list and have been collecting some of the keys from people who post with PGP signatures, but even at that, I never certify them myself because I am not 100% absolutely certain that the key in question belongs to that person. After all, what if some clever hacker dropped in and replaced someone's .plan file, or edited their index.html file? There's no real way to be absolutely certain.
This is exactly what the web of trust is about. The fact is that you can't trust the Keyservers (they were never designed to be trusted); you can't trust .plan files; you can't trust index.html files. However you can trust signatures made by trusted keys. That is why the web of trust works. For example, I've met in person with a lot of people and we've signed each others' keys. We've used various methods to "prove" identity. Sometimes it's been a long time of personal interactions (close friends). Sometimes it's been a number of certifying documents, IDs, etc. Sometimes it's been a piece of knowledge that I know the other has but no one else has. The point is that once I'm attached to the web of trust I have a means to verify other keys. I can set up a CA that way (MIT has one) -- there is a keysigner that will use out-of-band means to verify the identity of a user and then use that to sign a PGP key in that person's name.
How certain are we that the keyservers are 100% bulletproof? Hell, I could call Joe Schmoe up and say "tell me your fingerprint", but how do I *really* know I'm talking to Joe unless I knew him before getting his signature?
As I said already, the keyservers are not bulletproof. In fact, they were never designed to be trusted. They were designed to be an untrusted key distribution system. The end-user is still supposed to verify the signatures on they keys received from the keyserver. As for calling up Joe Schmoe, how did you get his number? Did you look it up in a phone book? Call directory assistance? These are other means of identification, too. You just need to look at it from a different angle. -derek
This is exactly what the web of trust is about. The fact is that you can't trust the Keyservers (they were never designed to be trusted); you can't trust .plan files; you can't trust index.html files. However you can trust signatures made by trusted keys. That is why the web of trust works.
For example, I've met in person with a lot of people and we've signed each others' keys. We've used various methods to "prove" identity. Sometimes it's been a long time of personal interactions (close friends). Sometimes it's been a number of certifying documents, IDs, etc. Sometimes it's been a piece of knowledge that I know the other has but no one else has.
What if you needed to set up a key server for a mass base of customers... Obviously, authenticating them via e-mail would be difficult, verifying them in person would be harder. Would there be any reasonable way to verify hundreds or thousands of customers? Any manual method would be highly undesirable, right? Imagine the labor involved....but lets pretend that the labor is not the deciding factor. What would be the best way to verify the customers keys if you couldn't visit each customer in person? For example, would a photo copy of a drivers license be enough?
The point is that once I'm attached to the web of trust I have a means to verify other keys. I can set up a CA that way (MIT has one) -- there is a keysigner that will use out-of-band means to verify the identity of a user and then use that to sign a PGP key in that person's name.
This is a good idea. The obvious question is: Would using an "out-of-band means" be worth the time and trouble if you had to scale the project to a commercial level? Would it be a show stopper if the keys weren't verified?
As I said already, the keyservers are not bulletproof. In fact, they were never designed to be trusted. They were designed to be an untrusted key distribution system. The end-user is still supposed to verify the signatures on they keys received from the keyserver.
Last thought...if the end-user verifies the signature, is that enough protection? Eric
-----BEGIN PGP SIGNED MESSAGE-----
Actually, I've been thinking about this, and how do we *really* know that *anyone's* keys are actually theirs? I'm new to this list and have been collecting some of the keys from people who post with PGP signatures, but even at that, I never certify them myself because I am not 100% absolutely certain that the key in question belongs to that person. After all, what if some clever hacker dropped in and replaced someone's .plan file, or edited their index.html file? There's no real way to be absolutely certain.
This is exactly what the web of trust is about. The fact is that you can't trust the Keyservers (they were never designed to be trusted); you can't trust .plan files; you can't trust index.html files. However you can trust signatures made by trusted keys. That is why the web of trust works.
For example, I've met in person with a lot of people and we've signed each others' keys. We've used various methods to "prove" identity. Sometimes it's been a long time of personal interactions (close friends). Sometimes it's been a number of certifying documents, IDs, etc. Sometimes it's been a piece of knowledge that I know the other has but no one else has.
The problem is entering this "Web of trust". You have to know someone who is already in The Web in order to start signing your keys. I don't know anyone around here who uses PGP but me. That's why I've been getting keys off of this list. Gotta start somewhere, however, I feel that this is a very shaky way to start.
The point is that once I'm attached to the web of trust I have a means to verify other keys. I can set up a CA that way (MIT has one) -- there is a keysigner that will use out-of-band means to verify the identity of a user and then use that to sign a PGP key in that person's name.
I agree that once the WOT is set up, everything should work hunky dory, but introducing yourself into this web isn't an easy thing. Since we know that the keyservers aren't bulletproof, how many keys do I grab from there in order to start my keyring? One? Ten? 500? Statistically speaking, how many of those have been compromised and can no longer be trusted?
You just need to look at it from a different angle.
That's what I'm trying to do. Maybe I'm just looking at it all backwards or something, but it's something I've been thinking about since I've been collecting keys lately.
-derek
- -- Matt Smith - msmith@unislc.slc.unisys.com "Nothing travels faster than light, with the possible exception of bad news, which follows its own rules." - Douglas Adams, "Mostly Harmless" Disclaimer: I came up with these ideas, so they're MINE! -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMZH8YcWUKiYjg/fZAQFk+QQA047pGZizSijPPBksY8nmZTQLdwaOene4 uO5p/ykHfPull03gzvYJ8ueDLlmttqSaf6y2e63RDgLNh5m8K0q88vOzkd0qQ+qf LxC2ZVmGk3eIsRG9KLFdRMrPsJ0hmo/AfZ8DwF6SUz8+KXbxIHcN0LjTx4XBKIqz wkpcnF0nLAM= =Gd3m -----END PGP SIGNATURE-----
On Sat, 4 May 1996, Bill Frantz wrote:
The more I think about Senator Leahy's public key, the more I keep coming back to a point I only alluded to before.
How do we know the key is actually his key?
The key is only self signed. It could be a fake. If, as I have assumed, its primary use will be to sign public statements posted to the net, how will we know they are actually from Senator Leahy, and not some impostor?
I strongly urge the senator to join the web of trust and get some other signatures on his key.
I'll visit his office and ask if he wants he key signed this week.
------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
--- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
participants (6)
-
Black Unicorn -
Derek Atkins -
Eric Eden -
frantz@netcom.com -
Matt Smith -
msmith