On Thu, Apr 07, 2011 at 10:31:24AM +0200, takethe...@gmx.de wrote:

> Definition: Signing a key means saying: "I confirm the full name in
> the key's ID is the keyowner's right name. The email address in the ID
> is the one the keyowner put there, but I cannot guarantee it's
> his/hers."

Yes you can, and that's the whole point. You need to verify that the key they claim is theirs is actually indeed their key.

> The person I do the fingerprint-check with (let's call him Peter Hansen)
> doesn't put his, but Anna's email address (a...@web.com) in the key's ID,
> because he managed to get access to it (attack). I don't check the email
> address, but the Name in the ID, and sign the key. The ID is now:
> "Peter Hansen a...@web.com". Let's say Marie somehow gets this signed key.
> There are again two cases:

When verifying that the key belongs to the owner, you should be establishing identity. This means if you don't know the person, you should verify the name and the fingerprint in the key, and verify some sort of identification from the owner. So, if Peter Hansen stole Anna's key, it should be obvious that the name in the key doesn't match the name on the presented identification. Further, if Anna set up her key, then her name and email are in the public key. Signing the key doesn't automatically change her name to "Peter Hansen" just because Peter has the key, so I'm not exactly sure what you're saying here.

> Marie wants to send Anna a message. Although she recognizes Anna's email
> address and my signature, she will not use the key, because there's
> "Peter Hansen" written in the ID.

No, she won't, which is where I'm confused. Marie will see Anna's name in the key, not Peter's. Further, the encrypted message will go to Anna's email account, not Peter's. And, even if Peter did somehow intercept the encrypted message, if he doesn't have Anna's private key, what good is it?

> Marie wants to send Peter Hansen an encrypted email. Then she will
> use the key and send it to a...@web.de and Peter will even receive it,
> since he has access.

What? How? By sniffing the packets sent between MTAs? If Peter has access to Anna's mail, then fine. But if he doesn't, his only way to the mail in transit is to sniff packets or break into Marie's account.

The point of key signing is to build a decentralized web of trust. For every signature you apply to a public key, you are indeed saying that you have done careful checking to ensure that the key does in fact belong to the owner it claims. The more signatures on the key, the stronger this statement becomes. Sure, you can't be 110% sure that the owner didn't steal a laptop, create fake credentials, and steal the identity of the key owner, collecting signatures. However, the key owner should have been smart enough that, when he/she generated the key, they also generated and printed the revocation certificate, so should his laptop get stolen, he can revoke the key, publish it to the servers, and start over. And you're a good citizen, because you refresh your public keyring from the keyservers regularly, and would have caught the revocation before signing the key. 100% sure? Probably not. 98% sure? Most likely.

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
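The reply above describes a procedure (refresh the keyring, compare the fingerprint, compare the name on the presented ID with the name in the user ID, never sign a revoked key) and a rule for how certifications accumulate into validity (gpg's classic trust model, with its default of 1 fully trusted or 3 marginally trusted certifiers). The following toy model of that procedure is an added example, not part of the thread or of GnuPG itself. All fingerprints, names and addresses in it are constructed, and `certify`, `Keyring` and `build_scenario` are this example's own names rather than any gpg API. It plays out the Peter/Anna case from the thread: both user IDs carry the same address, both end up certified, and a sender looking the address up still sees two different names; it then applies a published revocation and shows the certify step refusing.

```python
"""Toy model of OpenPGP key certification and the classic GnuPG trust model.

Added example, not code from the mailing-list thread or from GnuPG.
Fingerprints, names and addresses are constructed for illustration.
"""
from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"
COMPLETES_NEEDED = 1   # gpg default for --completes-needed
MARGINALS_NEEDED = 3   # gpg default for --marginals-needed


@dataclass
class Key:
    fpr: str
    # user ID string -> set of fingerprints that have certified that user ID
    uids: dict = field(default_factory=dict)
    revoked: bool = False


class Keyring:
    def __init__(self):
        self.keys = {}         # fingerprint -> Key
        self.owner_trust = {}  # fingerprint -> ULTIMATE / FULL / MARGINAL / UNKNOWN

    def add(self, key, trust=UNKNOWN):
        self.keys[key.fpr] = key
        self.owner_trust[key.fpr] = trust

    def refresh(self, revoked_fprs):
        """Stand-in for 'gpg --refresh-keys': apply revocations published to the servers."""
        for fpr in revoked_fprs:
            if fpr in self.keys:
                self.keys[fpr].revoked = True

    def uid_validity(self, fpr, uid):
        """Classic trust model: a user ID is fully valid when certified by at least
        COMPLETES_NEEDED fully trusted keys or MARGINALS_NEEDED marginally trusted
        keys. Certifications from revoked or untrusted keys do not count."""
        key = self.keys[fpr]
        if key.revoked:
            return UNKNOWN
        full = marginal = 0
        for signer in key.uids.get(uid, set()):
            if signer not in self.keys or self.keys[signer].revoked:
                continue
            trust = self.owner_trust[signer]
            if trust in (ULTIMATE, FULL):
                full += 1
            elif trust == MARGINAL:
                marginal += 1
        if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
            return FULL
        return MARGINAL if (full or marginal) else UNKNOWN

    def lookup_email(self, email):
        """What a sender sees when picking a key by address: every user ID carrying
        that address, the name shown in it, and its computed validity."""
        hits = []
        for key in self.keys.values():
            for uid in key.uids:
                if uid.endswith(f"<{email}>"):
                    hits.append((key.fpr, uid, self.uid_validity(key.fpr, uid)))
        return hits


def certify(ring, signer_fpr, target_fpr, uid, fpr_read_by_owner, name_on_document):
    """The signing procedure from the post. Returns None on success, otherwise the
    reason for refusing: the key is unknown or revoked (caught because the keyring
    was refreshed first), the fingerprint the owner reads out does not match, or
    the name on the presented identification differs from the name in the user ID."""
    target = ring.keys.get(target_fpr)
    if target is None or target.revoked:
        return "key unknown or revoked"
    if fpr_read_by_owner.replace(" ", "").upper() != target_fpr:
        return "fingerprint mismatch"
    name_in_uid = uid.split(" <")[0]
    if name_in_uid != name_on_document:
        return f"name on document {name_on_document!r} != UID name {name_in_uid!r}"
    target.uids.setdefault(uid, set()).add(signer_fpr)
    return None


def build_scenario():
    """Constructed keyring: me (ultimately trusted), Anna, and Peter, whose
    user ID carries Anna's address, exactly as in the thread."""
    ring = Keyring()
    me, anna, peter = "AAAA" * 10, "BBBB" * 10, "CCCC" * 10  # constructed fingerprints
    ring.add(Key(me), ULTIMATE)
    ring.add(Key(anna, {"Anna Schmidt <anna@web.com>": {anna}}))
    ring.add(Key(peter, {"Peter Hansen <anna@web.com>": {peter}}))
    return ring, me, anna, peter


if __name__ == "__main__":
    ring, me, anna, peter = build_scenario()
    certify(ring, me, anna, "Anna Schmidt <anna@web.com>", anna, "Anna Schmidt")
    certify(ring, me, peter, "Peter Hansen <anna@web.com>", peter, "Peter Hansen")
    for fpr, uid, validity in ring.lookup_email("anna@web.com"):
        print(fpr[:8], validity, uid)   # two names show up for one address
    ring.refresh([anna])                # Anna publishes her revocation certificate
    print(certify(ring, me, anna, "Anna Schmidt <anna@web.com>", anna, "Anna Schmidt"))
```

The name check is the step the original poster skipped, and the lookup is the step Marie performs: even with both keys certified, the address search returns the user ID strings themselves, so "Peter Hansen" is visible next to Anna's address. The refresh-before-sign ordering is what turns a printed revocation certificate into protection for later signers.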