>>>>> "Wesley" == Wesley J Landaker <[EMAIL PROTECTED]> writes:
Wesley> I wrote this up to someone. I thought I'd share it, and Wesley> get your thoughts. (e.g. anybody see any weaknesses in Wesley> #1-#3 that *aren't* present in the typical meet, check ID, Wesley> get GPG fingerprint, assuming #4 is always used Wesley> afterwards?) Can I please ask the blindingly obvious question that is so obvious nobody has asked? What is the point of keysigning? What are we setting out to achieve? Ok, so I get my key signed, using what I believe to be the standard process[1][2][3][4][...]: 1. I claim to be "Brian May". I have a passport that proves that I am in fact "Brian May". I have a drivers license that proves that I am "Brian May". The photos are identical to what I look like. Assume none of these are forged. I suspect many people would not be able to tell a forgery, even if it technically is illegal. Often the photo looks nothing like the person (due to shave, glasses, hair style, etc). In this case though, I am very convincing that I am Brian May. People who know me and see me can also confirm this. 2. I claim key-id 00530C24 with fingerprint 9918 7E12 ABAF 54EA 9C9E 27A5 B828 A71C 0053 0C24 is mine. In fact, numerous people have already signed this key for me. 3. You obtain a copy of my key with the following UIDs, and sign all of them: Brian May <[EMAIL PROTECTED]> Brian May <[EMAIL PROTECTED]> Brian May <[EMAIL PROTECTED]> Brian May <[EMAIL PROTECTED]> Brian May <[EMAIL PROTECTED]> (note: assume for this keysigning I deleted my old UIDs and added several new ones that I should have added several years ago). 4. Either: a) You send a copy of my key, to me, to the first address[1]. b) You send a copy of my key, encrypted using my key, to the first address. Do this if I you know I want to keep my public key private[2]. Or do this if the key signing session was a "smaller group"[3]. c) You upload to a key server. Do this only if you know I want the public key to become public[2], or if keysigning wasn't a "smaller group"[3]. Or just do this anyway[4]. I have heard various reasons why each alternative is better then the other alternatives. Read the references. Is this process "correct"? Or did something go seriously wrong here? If it was correct, why was it correct? If it was wrong, why was it wrong? Assume this key isn't already in the Debian keyring (it is), but I am an existing Debian Developer. If you were the Debian administrators, would you have any problems adding this key to the Debian keyring? What if I only supplied my Debian UID, and my public key was otherwise private? So after having my key signed, I get my name legally changed to "John Doe". As such, I get my passport, etc, reissued under "John Doe". Does this suddenly mean my key is invalid? If so why? What if my email address of [EMAIL PROTECTED] was still valid? Would it be OK to sign a UID for "John Doe" if the UID was "Brian May <[EMAIL PROTECTED]>" or "John Doe <[EMAIL PROTECTED]>", but I didn't have any proof of ever being "Brian May"? Why/Why not? What if my past email address was something cryptic, like [EMAIL PROTECTED], how would you know if this was suppose to belong to "Brian May" or "John Doe"? What if I got my name legally changed to "Branden Robinson"? Shouldn't I be able to get my key signed? Just because my name happens to be the same as some other person on this planet... Or would it be better if I invented an alias? Then my key ID wouldn't match my legal ID. What if everyone knows me by an alias, but I haven't/don't want to change my legal name? "Rusty Russell" is one well known example. If my key uses my real name, people may not realize it is me. I can't help but wonder if we have become to obsessed with signing a key to a particular name, that we have lost track of what we are trying to achieve. Just because the name matches (or is almost identical) does not mean it is the same person. Even if this key has hundreds of trusted signatures and the name is identical, it still doesn't mean it must be the same person. You could improve security if you do the tedious task of sending an email to every address, using a password decided on at the meeting[3]. This is step is considered "optional". However [3] doesn't give the full details for this to be secure, either. You would need: * ensure nobody else sees the shared password. The password for every person should be different. Writing it down could be unsafe, but not writing it down could lead to memory loss. * to test every email address you are going to sign. * to send a "cookie" that is different for every email address. * receive a response for every email address and check that both the cookie and passwords match. Otherwise, I could send an email back to you (with a modified From: header) that appears to be a response to the email you sent me, when in actual fact I never received it, or only received it from one of the email addresses. Even with this check, just because I was the person present to do the authentication checks, and just because I can intercept mail to a given email address, and just because I have the corresponding private key, doesn't mean that email address really is mine. If I was a Debian system administrator, imagine how many [EMAIL PROTECTED] email addresses I could intercept? (Note: this does not imply I have anything less then 100% trust in the Debian administrators). With large key signing groups, the chances of somebody detecting something wrong increases, but not all key signing is done in large groups. Disclaimer: if you believed everything I wrote in this email as truth, then you demonstrated why there are serious problems in the current methods commonly used in key signing. References (obtained using google search for "key signing howto") [1] http://www.debian.org/events/keysigning [2] http://www.cryptnet.net/fdp/crypto/gpg-party.html [3] http://www.unix-ag.uni-kl.de/~conrad/krypto/keysign.html [4] http://wiki.openskills.net/OpenSkills/GPG+Key+Signing [...] heaps of others -- Brian May <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]