Re: Keysigning challenge policies/procedures
Atom Smasher wrote:
> pgp Key Signing Observations: Overlooked Social and Technical Considerations
> http://www.linuxsecurity.com/content/view/121645/49/
>
> there's a few sections in that article that might be of interest.

Indeed, thank you Atom! I'll pass this link along for more information after my short talk.

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
==
Politicians are the same all over. They promise to build bridges even when there are no rivers.
    -- Nikita Khrushchev

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keysigning challenge policies/procedures
On Thu, 6 Jul 2006, Todd Zullinger wrote:
> I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;)
==

pgp Key Signing Observations: Overlooked Social and Technical Considerations
http://www.linuxsecurity.com/content/view/121645/49/

there's a few sections in that article that might be of interest.

-- 
...atom
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-
We in the West must bear in mind that the poor countries are poor primarily because we have exploited them through political or economic colonialism.
    -- Martin Luther King, Jr
Re: Keysigning challenge policies/procedures
Hi,

Alphax wrote:
> Suppose you send an email to Address W and encrypt an authentication token to Key X. You receive a reply from Address Y, containing the authentication token, which has been signed with Key Z. This tells you that /someone/ with access to W has received a message; /someone/ with access to X has decrypted it; /someone/ with access to Z has signed a reply; and /someone/ with access to Y has sent a reply.
>
> Keys X and Z may or may not be the same key or subkeys of the same primary key, addresses W and Y may or may not be the same, and Y may or may not have been faked (which is trivial).

Couldn't I check this by looking at the public keys they published at key servers?

Best wishes
Michael

-- 
Nobody can save your freedom but YOU - become a fellow of the FSF Europe!
http://www.fsfe.org/en
Re: Keysigning challenge policies/procedures
On Sunday 09 July 2006 06:27, Alphax wrote:
> Michael Kallas wrote:
>> David Shaw wrote:
>>> I've been away on vacation and only picked up this thread now.
>>>
>>> This statement is not correct. Back in the PGP 2.x days, this might have been true, but with OpenPGP, there is no particular requirement that the ability to sign and the ability to decrypt are connected. You can have a shared key with separate capabilities. Sending a signed key via encrypted mail does not ensure anything about the key owner.
>>
>> Why not? Sorry, this conclusion was too fast for me, could you please explain a little bit?

The key (i.e. the primary key) could belong to a group, but only one person of the group might be the key owner (i.e. have full access to the key) or even no member of the group might be the key owner, but only a superior entity like the company's CA. Moreover, each member of the group could have a separate encryption subkey. This example should explain why sending a signed key via encrypted mail doesn't ensure anything about the key owner. Of course, with respect to keys belonging to real persons rather than to entities/companies/etc. this example is probably not that convincing.

> Suppose you send an email to Address W and encrypt an authentication token to Key X. You receive a reply from Address Y, containing the authentication token, which has been signed with Key Z. This tells you that /someone/ with access to W has received a message; /someone/ with access to X has decrypted it; /someone/ with access to Z has signed a reply; and /someone/ with access to Y has sent a reply.

Except for the Y part this is correct. But the contents of the From address, i.e. Y, means absolutely nothing.

> Keys X and Z may or may not be the same key or subkeys of the same primary key, addresses W and Y may or may not be the same, and Y may or may not have been faked (which is trivial).

Exactly. And therefore you shouldn't have written above "and /someone/ with access to Y has sent a reply" because anyone could have sent the reply.

Regards,
Ingo
Re: Keysigning challenge policies/procedures
David Shaw wrote:
> I've been away on vacation and only picked up this thread now.
>
> This statement is not correct. Back in the PGP 2.x days, this might have been true, but with OpenPGP, there is no particular requirement that the ability to sign and the ability to decrypt are connected. You can have a shared key with separate capabilities. Sending a signed key via encrypted mail does not ensure anything about the key owner.

Why not? Sorry, this conclusion was too fast for me, could you please explain a little bit?

Best wishes
Michael

-- 
Nobody can save your freedom but YOU - become a fellow of the FSF Europe!
http://www.fsfe.org/en
Re: Keysigning challenge policies/procedures
Michael Kallas wrote:
> David Shaw wrote:
>> I've been away on vacation and only picked up this thread now.
>>
>> This statement is not correct. Back in the PGP 2.x days, this might have been true, but with OpenPGP, there is no particular requirement that the ability to sign and the ability to decrypt are connected. You can have a shared key with separate capabilities. Sending a signed key via encrypted mail does not ensure anything about the key owner.
>
> Why not? Sorry, this conclusion was too fast for me, could you please explain a little bit?

Suppose you send an email to Address W and encrypt an authentication token to Key X. You receive a reply from Address Y, containing the authentication token, which has been signed with Key Z. This tells you that /someone/ with access to W has received a message; /someone/ with access to X has decrypted it; /someone/ with access to Z has signed a reply; and /someone/ with access to Y has sent a reply.

Keys X and Z may or may not be the same key or subkeys of the same primary key, addresses W and Y may or may not be the same, and Y may or may not have been faked (which is trivial). The owners of W, X, Y and Z could be four different people, or they might not be people at all; all you can really say about the key owner is that X is in contact with W and Z, and Z is in contact with X and Y.

-- 
Alphax
Death to all fanatics! Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
Re: Keysigning challenge policies/procedures
On Friday, 7 July 2006 06:31, Todd Zullinger wrote:
> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.) It's been discussed here before but I've not found any scripts or good details that I could point my fellow LUG members toward.

Try CA-Bot (http://cabot.alioth.debian.org/). I haven't used it myself because I'm using a self-written script for creating challenges with KMail. But I've been sent a few challenges generated by CA-Bot. Last time I received such a message, it said (at least IIRC) that CA-Bot couldn't handle signed and/or encrypted replies. So using CA-Bot you can only check whether the person you send the challenge to can decrypt the challenge, but you can't check whether he also controls the signing key.

> Isn't it a good thing to send some random data to each UID on the key someone wishes you to sign and require that they send back that data signed by the key to prove they control both the key and the email address in the UID?

Where "control the email address" is different from "is the owner of the email address". Anybody between you and the owner of the email address can intercept the challenge, sign it and send it back to you. This is especially a problem with email addresses which don't contain the name, but just some random alias, nickname or whatever. [EMAIL PROTECTED] could be anyone's email address.

Regards,
Ingo
Re: Keysigning challenge policies/procedures
* Todd Zullinger [EMAIL PROTECTED] wrote:
> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)

Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security because if the mail address bounces or the person behind the address doesn't have the private key your signed UIDs won't become publicly available.

> It's been discussed here before but I've not found any scripts or good details that I could point my fellow LUG members toward. Isn't it a good thing to send some random data to each UID on the key someone wishes you to sign and require that they send back that data signed by the key to prove they control both the key and the email address in the UID?

There are some scripts around but don't use CA-Bot as Ingo suggested. As he has already said it has problems with so-called sign-only keys and it sends out broken mails. caff, from the same author, handles these keys much better. It can be downloaded from the third link I mentioned. Besides, it is already available in Debian and FreeBSD.

Regards,
Marcus

-- 
This elevator serves me alone. I have complete control over this entire level. With cameras as my eyes and nodes as my hands, I rule here, insect.
    (Shodan in System Shock)
Re: Keysigning challenge policies/procedures
Ingo Klöcker wrote:
> Try CA-Bot (http://cabot.alioth.debian.org/).

Thanks Ingo.

> I haven't used it myself because I'm using a self-written script for creating challenges with KMail.

Could you elaborate a little on the procedure you use to generate the challenges? I'd love to have some examples of how other folks do things to present to my fellow LUG members.

> But I've been sent a few challenges generated by CA-Bot. Last time I received such a message, it said (at least IIRC) that CA-Bot couldn't handle signed and/or encrypted replies. So using CA-Bot you can only check whether the person you send the challenge to can decrypt the challenge, but you can't check whether he also controls the signing key.

That's unfortunate, since the signature is more important than the decryption, AFAIAC. I'll take a look and see if CA-bot can't be useful as a starting point for some scripts of my own.

>> Isn't it a good thing to send some random data to each UID on the key someone wishes you to sign and require that they send back that data signed by the key to prove they control both the key and the email address in the UID?
>
> Where "control the email address" is different from "is the owner of the email address". Anybody between you and the owner of the email address can intercept the challenge, sign it and send it back to you.

Of course, but they can't sign it with the key I've been asked to sign and which I verified from the key fingerprint and other owner details, unless they are the proper owner of that key.

> This is especially a problem with email addresses which don't contain the name, but just some random alias, nickname or whatever. [EMAIL PROTECTED] could be anyone's email address.

Right. But if we met in person and I showed you acceptable ID, provided you with the key fingerprint and other key data, then returned a challenge from you signed using the key matching the fingerprint that you verified in our meeting, you know that I am in control of the key and that I can get mail at [EMAIL PROTECTED] Obviously, others can read mail there too and that's why I'm using GPG to ensure that I'm the only one that will be able to decipher mail sent to that address and generate verifiable email from that address.

Thanks,

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
==
You will never find time for anything. If you want time you must make it.
    -- Charles Buxton
Re: Keysigning challenge policies/procedures
Marcus Frings wrote:
> * Todd Zullinger [EMAIL PROTECTED] wrote:
>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>
> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security because if the mail address bounces or the person behind the address doesn't have the private key your signed UIDs won't become publicly available.

But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct? Unless, of course, you have told the signee that they must provide you with a key which they wish to have the signed keys encrypted to. Have you found in practice that you don't run into many sign-only keys that you are asked to certify?

> There are some scripts around but don't use CA-Bot as Ingo suggested. As he has already said it has problems with so-called sign-only keys and it sends out broken mails. caff, from the same author, handles these keys much better. It can be downloaded from the third link I mentioned. Besides, it is already available in Debian and FreeBSD.

Thanks, I'll look closer at caff. I didn't pull down the package and play with it yet.

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
==
You're not drunk if you can lie on the floor without holding on.
    -- Dean Martin
Re: Keysigning challenge policies/procedures
On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote:
> * Todd Zullinger [EMAIL PROTECTED] wrote:
>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>
> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security

I don't think that's true: Decryption is (usually) handled by the encryption subkey and there's absolutely no guarantee that this subkey is controlled by the same person as the primary/signing key. There may even be valid reasons to split the two roles. Since UIDs are attached to the primary key and the primary key is the only one that can modify UIDs (and signing a key is all about UIDs) this system can't prove what it's supposed to prove: The link between the UID (better: the e-mail address in it) and the person in control of it.

Regards,
Mark Kirchner

-- 
Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc
Re: Keysigning challenge policies/procedures
On Friday 07 July 2006 16:56, Todd Zullinger wrote:
> Ingo Klöcker wrote:
>> I haven't used it myself because I'm using a self-written script for creating challenges with KMail.
>
> Could you elaborate a little on the procedure you use to generate the challenges? I'd love to have some examples of how other folks do things to present to my fellow LUG members.

My script does the following: For each key id that's given on the command line it first determines all UIDs which are neither revoked nor expired nor have already been signed by me. Then for each UID a random string is generated. I use the command

  head -c 18 /dev/urandom | mimencode

for this. (mimencode is part of metamail.) This challenge and the key id and the UID are then inserted into a text explaining what the receiver of the challenge has to do. This text is then encrypted with the key corresponding to the key id. The encrypted text is then prepended with another text explaining what the encrypted text is about. Finally the resulting text is given to KMail together with the email address (==UID). Now I only have to click on the Send button in KMail to send the message. (I could make KMail automatically send the messages, but I prefer to have a last look at them before I send them in order to check that everything worked correctly.)

I've attached the script.

>>> Isn't it a good thing to send some random data to each UID on the key someone wishes you to sign and require that they send back that data signed by the key to prove they control both the key and the email address in the UID?
>>
>> Where "control the email address" is different from "is the owner of the email address". Anybody between you and the owner of the email address can intercept the challenge, sign it and send it back to you.
>
> Of course, but they can't sign it with the key I've been asked to sign and which I verified from the key fingerprint and other owner details, unless they are the proper owner of that key.

Yes, they can if it was them who asked you to sign their key. For example, I could create a key with my name and your email address, go to a key signing party and make everybody sign the fake user id. And if I can intercept your mail then I can even reply to challenges. Of course, such an attack probably doesn't make much sense because for what purpose should I want to make someone believe I have an email address I do in fact not own (but which I can intercept).

Regards,
Ingo

send-challenge-v1.1.pl Description: Perl program
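Ingo's own script is attached to his message rather than reproduced on this page; the following is an added Python sketch of the same per-UID procedure, not Ingo's code. It parses the output of `gpg --with-colons --list-sigs <keyid>` (a constructed sample is embedded; `MY_KEY_ID` is an assumed signer key ID), drops UIDs that are revoked, expired or already carry a signature from the signer's key, generates one random challenge per remaining UID (18 urandom bytes, base64-encoded, the same as `head -c 18 /dev/urandom | mimencode`), and builds the text that would be encrypted to the key. Only `encrypt_for` shells out to gpg; everything else runs offline.

```python
import base64
import os
import subprocess

# Assumed: the signer's own long key ID (constructed value, not a real key).
MY_KEY_ID = "0123456789ABCDEF"

# Constructed sample of `gpg --with-colons --list-sigs` output for one key.
# Record layout (gpg DETAILS file): a "uid" record has its validity in field 2
# ('r' = revoked, 'e' = expired) and the user ID string in field 10; the "sig"
# records that follow a uid carry the signer's key ID in field 5.
SAMPLE_LISTING = """\
pub:f:2048:1:FEDCBA9876543210:1152198720:::f:::scESC::::::
uid:f::::1152198720::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sig:::1:FEDCBA9876543210:1152198720::::Alice Example <alice@example.org>:13x::
uid:f::::1152198720::1111111111111111111111111111111111111111::Alice Example <alice@example.net>::::::::::0:
sig:::1:FEDCBA9876543210:1152198720::::Alice Example <alice@example.net>:13x::
sig:::1:0123456789ABCDEF:1152285120::::Me <me@example.com>:12x::
uid:r::::1152198720::2222222222222222222222222222222222222222::Alice Old <old@example.org>::::::::::0:
sig:::1:FEDCBA9876543210:1152198720::::Alice Old <old@example.org>:13x::
sub:f:2048:1:0011223344556677:1152198720::::::e::::::
"""


def uids_needing_challenge(listing, my_key_id):
    """UIDs that are neither revoked, expired, nor already signed by my_key_id."""
    entries = []      # [user_id, already_signed_by_me] for each live UID
    skip = True       # True before the first uid and inside revoked/expired ones
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "uid":
            skip = f[1] in ("r", "e")
            if not skip:
                entries.append([f[9], False])
        elif f[0] == "sig" and not skip and entries:
            # Short key IDs are a suffix of long ones, so compare by suffix.
            if f[4].upper().endswith(my_key_id.upper()):
                entries[-1][1] = True
        elif f[0] in ("sub", "ssb"):
            skip = True   # sigs after a subkey are binding sigs, not UID certs
    return [uid for uid, signed in entries if not signed]


def new_challenge():
    """18 random bytes, base64-encoded: what `head -c 18 /dev/urandom | mimencode` yields."""
    return base64.b64encode(os.urandom(18)).decode("ascii")


def email_of(uid):
    """Address part of 'Name <addr>'; a bare address is returned unchanged."""
    if "<" in uid and uid.endswith(">"):
        return uid[uid.rindex("<") + 1:-1]
    return uid


def challenge_text(key_id, uid, token):
    """Instructions that get encrypted to the key (wording is this example's own)."""
    return (
        f"Key signing challenge for key {key_id}, user ID: {uid}\n\n"
        f"Challenge: {token}\n\n"
        "Reply from this address with a message SIGNED by the key above that\n"
        "contains the challenge string unchanged. Being able to decrypt this\n"
        "mail only shows access to the encryption subkey; the signature is\n"
        "what ties the reply to the primary key the user ID belongs to.\n"
    )


def build_challenges(key_id, listing, my_key_id):
    """One (address, token, plaintext) per UID still to verify; keep the tokens."""
    out = []
    for uid in uids_needing_challenge(listing, my_key_id):
        token = new_challenge()
        out.append((email_of(uid), token, challenge_text(key_id, uid, token)))
    return out


def encrypt_for(key_id, plaintext):
    """Encrypt to key_id with gpg (needs gpg installed); returns ASCII armor."""
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--recipient", key_id, "--encrypt"]
    return subprocess.run(cmd, input=plaintext.encode(), check=True,
                          capture_output=True).stdout.decode()


def response_matches(expected_token, reply_body):
    """After `gpg --verify` has accepted the reply's signature, check the token."""
    return expected_token in reply_body


if __name__ == "__main__":
    for addr, token, text in build_challenges("FEDCBA9876543210", SAMPLE_LISTING, MY_KEY_ID):
        print(f"To: {addr}\nchallenge: {token}\n\n{text}")
```

With the sample listing only alice@example.org gets a challenge: the example.net UID already has a signature from MY_KEY_ID and the old@example.org UID is revoked.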
Re: Keysigning challenge policies/procedures
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
> Marcus Frings wrote:
>> * Todd Zullinger [EMAIL PROTECTED] wrote:
>>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>>
>> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security because if the mail address bounces or the person behind the address doesn't have the private key your signed UIDs won't become publicly available.
>
> But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct?

That's obviously correct. In this case you could give the key owner a piece of paper with a random string and ask him to send it in a signed message to your email address. Then you know that he can use this key for signing messages. Obviously, you can't check the validity of the email addresses belonging to this key (unless he's got an encryption key you can use for checking the addresses). But in case of a certification-only key even that won't work.

> Unless, of course, you have told the signee that they must provide you with a key which they wish to have the signed keys encrypted to. Have you found in practice that you don't run into many sign-only keys that you are asked to certify?

Among a few hundred keys I've signed so far only a handful were sign-only or certification-only keys. I did simply sign them with a lower verification level.

Regards,
Ingo
Re: Keysigning challenge policies/procedures
Ingo Klöcker wrote:
> On Friday 07 July 2006 17:09, Todd Zullinger wrote:
>> [...]
>> But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct?
>
> That's obviously correct. In this case you could give the key owner a piece of paper with a random string and ask him to send it in a signed message to your email address. Then you know that he can use this key for signing messages. Obviously, you can't check the validity of the email addresses belonging to this key (unless he's got an encryption key you can use for checking the addresses).

Is it really necessary to encrypt the challenge? If the key has encryption capabilities, I would do so, but if it was a sign-only key and I could not do so, just what sort of attacks or weaknesses are there in sending the challenge in the clear? I've seen David Shaw point out that it didn't gain you much. I'm just trying to work through the possible scenarios so I have them clear in my mind before trying to present this to a larger group, who may well end up with questions on this that I'd like to have better answers for than I do now.

>> Have you found in practice that you don't run into many sign-only keys that you are asked to certify?
>
> Among a few hundred keys I've signed so far only a handful were sign-only or certification-only keys. I did simply sign them with a lower verification level.

Okay. I would have guessed that you probably wouldn't run into terribly many keys like this, but thank you for giving some practical experience to support this.

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
==
...unfortunately, we can't control the actions of everyone.
    -- Bill Clinton, April 20, 1993
Re: Keysigning challenge policies/procedures
On Fri, Jul 07, 2006 at 11:19:47AM +0200, Marcus Frings wrote:
> * Todd Zullinger [EMAIL PROTECTED] wrote:
>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>
> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security because if the mail address bounces or the person behind the address doesn't have the private key your signed UIDs won't become publicly available.

I've been away on vacation and only picked up this thread now.

This statement is not correct. Back in the PGP 2.x days, this might have been true, but with OpenPGP, there is no particular requirement that the ability to sign and the ability to decrypt are connected. You can have a shared key with separate capabilities. Sending a signed key via encrypted mail does not ensure anything about the key owner.

David
Re: Keysigning challenge policies/procedures
On Fri, Jul 07, 2006 at 08:39:37PM +0200, Ingo Klöcker wrote:
> On Friday 07 July 2006 17:09, Todd Zullinger wrote:
>> Marcus Frings wrote:
>>> * Todd Zullinger [EMAIL PROTECTED] wrote:
>>>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>>>
>>> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security because if the mail address bounces or the person behind the address doesn't have the private key your signed UIDs won't become publicly available.
>>
>> But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct?
>
> That's obviously correct. In this case you could give the key owner a piece of paper with a random string and ask him to send it in a signed message to your email address. Then you know that he can use this key for signing messages. Obviously, you can't check the validity of the email addresses belonging to this key (unless he's got an encryption key you can use for checking the addresses).

Sure you can: just send the random string to the email address. If the person can return the string back to you, signed, then you know that there is access to both the signing key and the email address.

David
Re: Keysigning challenge policies/procedures
On Fri, Jul 07, 2006 at 04:15:03PM -0400, Todd Zullinger wrote:
> Ingo Klöcker wrote:
>> On Friday 07 July 2006 17:09, Todd Zullinger wrote:
>>> [...]
>>> But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct?
>>
>> That's obviously correct. In this case you could give the key owner a piece of paper with a random string and ask him to send it in a signed message to your email address. Then you know that he can use this key for signing messages. Obviously, you can't check the validity of the email addresses belonging to this key (unless he's got an encryption key you can use for checking the addresses).
>
> Is it really necessary to encrypt the challenge? If the key has encryption capabilities, I would do so, but if it was a sign-only key and I could not do so, just what sort of attacks or weaknesses are there in sending the challenge in the clear? I've seen David Shaw point out that it didn't gain you much. I'm just trying to work through the possible scenarios so I have them clear in my mind before trying to present this to a larger group, who may well end up with questions on this that I'd like to have better answers for than I do now.

There is no harm (and no real benefit either) in sending the challenge NOT in the clear. Either way, you're proving the same thing: whether the email address goes anywhere and whether someone who has access to the email also has access to the key.

David
Re: Keysigning challenge policies/procedures
* Ingo Klöcker [EMAIL PROTECTED] wrote:
> On Friday 07 July 2006 17:09, Todd Zullinger wrote:
>> Have you found in practice that you don't run into many sign-only keys that you are asked to certify?
>
> Among a few hundred keys I've signed so far only a handful were sign-only or certification-only keys. I did simply sign them with a lower verification level.

Me, too. I just give these sign-only keys a level of 2 as explained in my policy. I have been at several (large) keysigning parties and luckily there are not so many sign-only keys around. I don't like them very much but that's life ...

Regards,
Marcus

-- 
Paranoia: that just means seeing reality more realistically than others do.
Re: Keysigning challenge policies/procedures
On Fri, Jul 07, 2006 at 07:22:40PM +0200, Mark Kirchner wrote:
> On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote:
>> * Todd Zullinger [EMAIL PROTECTED] wrote:
>>> What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.)
>>
>> Before, I used a protocol for signing keys where I sent out random strings as challenge response, but it's not worth it. There is no enhanced security and only more work for signer and signee. If you send the signed UIDs encrypted to each mail address separately it has the same effect in security
>
> I don't think that's true: Decryption is (usually) handled by the encryption subkey and there's absolutely no guarantee that this subkey is controlled by the same person as the primary/signing key. There may even be valid reasons to split the two roles. Since UIDs are attached to the primary key and the primary key is the only one that can modify UIDs (and signing a key is all about UIDs) this system can't prove what it's supposed to prove: The link between the UID (better: the e-mail address in it) and the person in control of it.

This is exactly correct. The identity (for lack of a better word) is the primary+UID. Since that is what you are signing when you sign someone's key, that is what you should be verifying before you make the signature.

David
Re: Keysigning challenge policies/procedures
Hi David,

David Shaw wrote:
> I've been away on vacation and only picked up this thread now.

Hope it was relaxing. Welcome back seems like a negative thing to say. ;)

> This statement is not correct. Back in the PGP 2.x days, this might have been true, but with OpenPGP, there is no particular requirement that the ability to sign and the ability to decrypt are connected. You can have a shared key with separate capabilities. Sending a signed key via encrypted mail does not ensure anything about the key owner.

Marcus and Ingo have been very helpful in providing pretty specific procedures that they've used (and documented) for key signing. I've read with interest the comments that you've made over the years as the topic of keysigning has come up and I'd be very appreciative if you could share a basic outline of the procedure you take or recommend.

As I alluded to at the start of this thread, I've been volunteered to give a talk on the process and reason behind key signing at an upcoming meeting of my local LUG. I've been trying to find as many different people's policies and procedures as I can prior to my presentation to a) refresh my memory and b) prepare for potential questions on why one might use a particular method. I highly respect the methods you've outlined on this list and I think the members of my local LUG could benefit greatly from being exposed to the policy/procedure for handling keys they come across at a key signing party.

Thanks much for your efforts on GnuPG. Like OpenSSH, it's one of the applications that I use every single day and would have a hard time living without.

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
==
Life is the art of drawing without an eraser.
    -- John Gardner
Keysigning challenge policies/procedures
Hi,

I'm putting together a short talk for my local LUG, as we're planning to have a keysigning party in the near future and some folks want to hear more details so they'll understand it better.

I was wondering if some folks here have detailed their challenge policies and procedures, and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;)

In particular, I like how David Shaw has explained the pitfalls with various approaches to doing the email challenge several times on the list. David, is your challenge policy something you've posted anywhere?

Thanks in advance for any tips and pointers,

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Politics: A strife of interests masquerading as a contest of principles. The conduct of public affairs for private advantage.
    -- Ambrose Bierce
Re: Keysigning challenge policies/procedures
* Todd Zullinger wrote:
> I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;)

http://www.sc-delphin-eschweiler.de/pgp/
http://sion.quickie.net/keysigning.txt
http://pgp-tools.alioth.debian.org/

Regards,
Marcus

-- 
What is the best thing in a man's life? - A wide steppe, a fast horse, the falcon on his fist and the wind in his hair. - Wrong! Conan, you tell me! - To fight the enemy, to pursue and destroy him, and to delight in the lamentation of the women.
Re: Keysigning challenge policies/procedures
Marcus Frings wrote:
> * Todd Zullinger wrote:
>> I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;)
>
> http://www.sc-delphin-eschweiler.de/pgp/
> http://sion.quickie.net/keysigning.txt
> http://pgp-tools.alioth.debian.org/

Thank you Marcus. I had actually found your page while doing some research and read it. Very nicely outlined. Thank you for sharing it with the world.

I believe that we will be using the method outlined in Len Sassaman's and Phil Zimmermann's paper from above. This too I had read while researching this earlier. (It's good to know I've run across some of the same info you recommend. :)

What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others.) It's been discussed here before, but I've not found any scripts or good details that I could point my fellow LUG members toward.

Isn't it a good thing to send some random data to each UID on the key someone wishes you to sign and require that they send back that data signed by the key, to prove they control both the key and the email address in the UID?

Many thanks for the helpful information,

-- 
Todd        OpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Money can't buy happiness, but it sure makes living in misery easier.
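Todd's question above (random data to each UID, returned signed) and Mark's and David's objection earlier in the thread (a reply that was merely decrypted proves control of the encryption subkey, not of the primary key that owns the UID) come down to two checks on the reply. The Python below, added here as an example and not code from the thread or from GnuPG, performs both: the reply must carry the nonce mailed to that specific address, and `gpg --status-fd` must report a VALIDSIG whose trailing primary-key fingerprint equals the fingerprint copied from the party's key list. The VALIDSIG field layout follows GnuPG's doc/DETAILS; the fingerprints, user id and status lines are constructed placeholders, and `sample_status`, `DECRYPT_ONLY_STATUS` and the function names are this example's own.

```python
"""Check a keysigning e-mail challenge response against the party key list.

Added example for this thread, not code from the thread or from GnuPG.
Assumes the caller ran `gpg --status-fd 1 --verify` on the reply and kept the
status lines plus the signed text; fingerprints and status lines below are
constructed placeholders, not real keys.
"""
import secrets
from dataclasses import dataclass

# Constructed placeholder fingerprints (40 hex digits, as printed on a key list).
PARTY_KEY = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER_KEY = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"

# Constructed status output of a reply that was decrypted but never signed:
# it proves only that someone holding the encryption subkey opened the mail.
DECRYPT_ONLY_STATUS = [
    "[GNUPG:] BEGIN_DECRYPTION",
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] END_DECRYPTION",
]


@dataclass(frozen=True)
class Challenge:
    primary_fpr: str  # primary-key fingerprint copied from the party's key list
    email: str        # address taken from one UID on that key
    token: str        # fresh nonce mailed to exactly that address


def issue_challenge(primary_fpr: str, email: str) -> Challenge:
    """One unpredictable token per UID, so each address has to answer for itself."""
    return Challenge(primary_fpr.upper(), email.lower(), secrets.token_hex(16))


def signer_primary_fpr(status_lines):
    """Primary-key fingerprint behind a good signature, or None if none verified.

    VALIDSIG layout (GnuPG doc/DETAILS):
      VALIDSIG fpr date ts exp ver reserved pkalgo hashalgo sigclass [primary-fpr]
    The trailing primary-fpr ties a signing subkey back to its primary key;
    when GnuPG omits it, the signing key is the primary key itself.
    """
    for line in status_lines:
        parts = line.split()
        if len(parts) >= 11 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            return (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return None


def verify_response(challenge, signed_text, status_lines):
    """A reply counts only if it carries the nonce for this address AND is signed
    under the primary key from the list. Returns (ok, list_of_reasons)."""
    reasons = []
    if challenge.token not in signed_text:
        reasons.append(f"nonce sent to {challenge.email} is missing from the signed text")
    primary = signer_primary_fpr(status_lines)
    if primary is None:
        reasons.append("no VALIDSIG: reply is unsigned or the signature failed")
    elif primary != challenge.primary_fpr:
        reasons.append(f"signed under primary {primary}, key list says {challenge.primary_fpr}")
    return (not reasons, reasons)


def sample_status(primary_fpr, uid="Alice <alice@example.org>"):
    """Constructed --status-fd lines for a good signature made by a signing subkey
    bound to `primary_fpr` (the subkey fingerprint is a placeholder as well)."""
    subkey = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"
    return [
        "[GNUPG:] NEWSIG",
        f"[GNUPG:] GOODSIG {subkey[-16:]} {uid}",
        f"[GNUPG:] VALIDSIG {subkey} 2006-07-07 1152284400 0 4 0 17 2 01 {primary_fpr}",
        "[GNUPG:] TRUST_UNDEFINED 0 pgp",
    ]


if __name__ == "__main__":
    ch = issue_challenge(PARTY_KEY, "alice@example.org")
    reply = f"keysigning challenge for {ch.email}: {ch.token}"
    print(verify_response(ch, reply, sample_status(PARTY_KEY)))  # (True, [])
    print(verify_response(ch, reply, sample_status(OTHER_KEY)))  # signed under a different primary
    print(verify_response(ch, reply, DECRYPT_ONLY_STATUS))       # decrypted, never signed
    print(verify_response(ch, "unrelated text", sample_status(PARTY_KEY)))  # nonce missing
```

In practice the status lines come from `gpg --status-fd 1 --verify reply.asc` (or `--decrypt` when the reply is also encrypted) and the signed text from the verified output; the checker deliberately ignores the GOODSIG user id string and compares only the primary fingerprint, since the UID text is exactly what the challenge is meant to confirm and cannot be trusted as input to its own verification.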