On 24 Mar 2014, at 6:38 , Jonathan Wilkes <jancs...@yahoo.com> wrote:
> If I were so inclined couldn't I periodically query every publicly > accessable PGP keyserver (maybe do it in a distributed manner) and upload a > new key with the same name/email address as what was added since the last > time I checked? > > Furthermore, couldn't I periodically query every publicly accessible PGP > keyserver (maybe do it in a distributed manner) to see who signed what, and > then mirror that web of trust with the keys I control? You could try that, but apart from what others have said, there is a practical obstacle: you must reliably MITM all messages to and from everyone whose key you’ve forged, or people will notice the key mismatch because their messages won’t decrypt or the signature won’t verify. If that happens, you’ve got to MITM discussions out-of-band which might lead to someone asking “Where did you get that key from?” You’ve also got to make sure that real keys forged in your web aren’t distributed through other trustworthy channels (for example, supplied with distro disks or printed on business cards). I think that even with the NSA’s resources, they’d be hard-pressed to pull that off on a global scale, although it might be feasible against a few small targeted groups for a limited time. In effect, the keyservers are a kind of provisionally TTP - in the cold-introduction problem, users have to trust them for want of anything better, but PGP tools should make clear that the trust involved should be regarded as weak and provisional until one can check the keys. It might be possible for key servers to help with this, since they could also provide a list of keys which produce a path to a specified key from a set of well-known keys, although this could be run as a separate and untrusted service provided someone had a mirror of the major keyservers. > Furthermore, couldn't I also upload keys with same name/email addresses for > any keys that existed before I started, lie about the creation date, and work > those into my hall of mirrors? I think your other repliers have been a bit too sanguine about the power of the WOT here - yes, in theory there shouldn’t be any link from users own keys to your web, but in practice people are lazy, stupid, and inclined to over-rate people, so there will almost certainly be links into your web. Fortunately, these links should be weaker than the links to equivalent parts of the real web, and user agents ought to pick the key with the strongest trust link (and want users about the potential fake)[1]. You could attempt to circumvent that by making the links within your web stronger and denser, but that creates a dead giveaway that your web is the fake one when it is discovered. [1] Exceptions can be made for less trusted keys signed for the same address by a more trusted key if the less-trusted key is newer and stronger, because then that is likely to be a legitimate successor, and probably a few other circumstances, but you get the idea. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
