Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 31 January 2014 at 9:24:17 AM, in , Steve Jones wrote: > Well the conventions of use, for example the key > signing party protocol, requires photographic id. If I > publicly sign a key it has to be in line with how I > expect others to interpret it. Policies and notations > on signatures go some way to alleviate that but only if > the tools support it. Surely if others interpret it differently than how you publicly state you mean it, that's their own look-out. > To me, you are just an email address, for > all I know you're a dozen different people spoofing > emails to the list. If all your mails are signed with > the same key then I can at least assume all those > people are working in concert :-) I think all my emails to this list are signed with the same key. (-; > The issue is that the tools around OpenPGP use are > designed around the idea that it's for verifying some > fixed identity, whereas in this case it's continuity of > identity that's more important. You mean it doesn't matter *who* I am as long as I am the same person you corresponded with before? Apart from certain narrow legally-defined situations, that's fairly general in real life as well as online. > If your key had dozens > of signatures at the persona level going back a few > years then I'd have a reasonable belief that you're not > just a brand new identity created for mischievousness If you were that worried, you could check the list archives for signed postings from MFPA. > With notations you get a system of > distributed tagging, where identity becomes a matter of > a collection of attested to attributes. Obviously this > could create a lot of noise so you'd have a limited set > of folks (including ephemeral Internet folks) who's > tags you trust, probably the same people who's > signatures you trust - which is handy. :-) Would they "probably" be the same folks? Or would the people whose signatures you trust be akin to those you would have round for a meal, whereas those whose tags you trust would be more like people with whom you'd go out for a pint? > My mail client, and all the others I've used, is only > interested in whether I, or someone else, has certified > that MFPA is your real name. Any I have used is only interested in whether the key is valid. My local signature makes it valid but gives no clue about whether I know somebody's real name. > Certainly. This BTW is why I think anonymous > cryptocurrency is a daft idea Why do you need to know who the other person was in a Butcoin transaction? > True, "This person is a police officer and would like > to know where you were last night," might lead you to > wanting to see id. It might also lead to a point-blank refusal to enter any discussion. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Why is the universe here? Well, where else would it be? -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLxTndXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pOTkEAJCgeer2dfUk73oLg+x4Os9GYfcpkRDHIbAi yysyZcESOpZ9fMfRahVSb6YoZc87WEc2uHJAizsOaMelondTAYHTKV72KsGymd+q wh+ZEuxgIEjYA5VjpQ9jjp/38+eUb/ZkvP3uSoHe9x1s3lHl6sdulcSKkvj1Rctz FoGEaIJ4 =Nbk9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Friday 31 January 2014 16:09:39 Steve Jones wrote: > Well I was thinking of exporting at first, but it's too fraught with > problems. I would in general like to see more use of persona > signatures as certifying keys as good enough. Essentially I see the > requirements for certifying keys as a massive barrier to entry for > common use. My thoughts, exactly. After I tried out gpg for the first time I abandoned it mostly because there was no way I could establish a trust path between me and anyone outside my immediate physical neighborhood. Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Fri, 31 Jan 2014 16:37:28 +0100 Johannes Zarl wrote: > As far as I understood the original idea, it would use local > signatures only (preferably done with a special purpose local key > only used for these signatures). > > If one would export these signatures, that would just DDoS the key > server infrastructure for no gain. Well I was thinking of exporting at first, but it's too fraught with problems. I would in general like to see more use of persona signatures as certifying keys as good enough. Essentially I see the requirements for certifying keys as a massive barrier to entry for common use. Greater integration of local signatures into mail clients would be great though, essentially you could use your public key ring as an address book. Currently none (AFAIK) even offer the security of the SSH known hosts file of ensuring the same key is used as from the first contact. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
Hi, I've meanwhile seen that others assumed the automatic-persona certification to use exportable signatures. To clarify: As far as I understood the original idea, it would use local signatures only (preferably done with a special purpose local key only used for these signatures). If one would export these signatures, that would just DDoS the key server infrastructure for no gain. Cheers, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Fri, 31 Jan 2014 15:02:14 +0100
NdK wrote:
> Il 31/01/2014 10:24, Steve Jones ha scritto:
>
> > Well the conventions of use, for example the key signing party
> > protocol, requires photographic id. If I publicly sign a key it has
> > to be in line with how I expect others to interpret it. Policies and
> > notations on signatures go some way to alleviate that but only if
> > the tools support it.
> I tried looking around for some tutorials about notations, but could
> only find minimal information ("it's a string in 'tag@domain=value'
> format").
RFC 4880 seems to be the primary documentation.
> IIUC in *my* policy I could specify that when signing a key I use
> "ndk@mydomain=X" notation and that X=0 means "just checked the person
> can access the given mailbox", X=1 means "at least 2 other persons
> have confirmed that the same user used that email address for the
> last year" and so on.
That's pretty much it. I wouldn't worry about tracking what other
people have seen though if I were implementing a scheme like this. My
thinking is more notations like "only-emai...@example.org=true". But
the point of the @domain part is that anyone can implement whatever
namespaces they want.
> Is my understanding right? When I sign a key and use a notation, am I
> actually signing *all* the identities associated with that key? Or
> just one?
All signatures are on particular UIDs, and notations are part of
signatures, so you can sign as few or as many identities as you like.
--
Steve Jones
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896
signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Friday 31 January 2014 01:28:20 MFPA wrote: > , Johannes Zarl wrote: > > If the same email-address is used together with the > > same key for a long time, it effectively ties the > > email-address to a person for all practical concerns. > > After all, you are communicating via email with someone > > you have never seen. > > Didn't two or three people on this list all use the same key to sign > messages to this list a few years ago, for quite a while before > anybody noticed? If a mail program were to implement this automatic-persona-signature scheme, that wouldn't prevent this kind of fooling around. But I still think it could improve the awareness for this sort of thing (beyond the current state as described in xkcd: https://xkcd.com/1181/) > > If the initial communication was subject to a > > MITM-attack, the key would change as soon as the MITM > > attack stops or gets sidestepped. The quality of this > > "canary" improves with the number of signatures over an > > extended time. > > If the MITM attack lasts "an extended time" all the signatures would > be on the key of the MITM-attacker... You are right - that's the implicit problem in a system without trust-anchor: you only ever can prove that a problem occurred, not that everything is fine. Basically it's a "physical" approach instead of a "mathematical" one: in mathematics you can prove everything from a few axioms (the trust-anchor). In physics you can never be certain, but we keep watching the world and whenever we spot an inconsistency with our model we investigate. > > In either scenario, you would notice that something was > > afoul as soon as the key changes and investigate. > > You _might_ notice. If a mail program implements this (and automatic signing would need explicit support from the mail program), then it would also implement a notification. Implementing the auto-signing part without using the information for spotting problems is like implementing PGP without support for key expiration and revocation ;-) Cheers, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
Il 31/01/2014 10:24, Steve Jones ha scritto:
> Well the conventions of use, for example the key signing party
> protocol, requires photographic id. If I publicly sign a key it has to
> be in line with how I expect others to interpret it. Policies and
> notations on signatures go some way to alleviate that but only if the
> tools support it.
I tried looking around for some tutorials about notations, but could
only find minimal information ("it's a string in 'tag@domain=value'
format").
IIUC in *my* policy I could specify that when signing a key I use
"ndk@mydomain=X" notation and that X=0 means "just checked the person
can access the given mailbox", X=1 means "at least 2 other persons have
confirmed that the same user used that email address for the last year"
and so on.
Is my understanding right? When I sign a key and use a notation, am I
actually signing *all* the identities associated with that key? Or just one?
BYtE,
Diego.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 31 Jan 2014 01:15:07 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > On Thursday 30 January 2014 at 10:43:39 PM, in > , Steve Jones wrote: > > > Well therein lies my problem with the PGP system. It > > relies on the notion of there being this singular thing > > called your identity. > > I'll take that to mean your problem with the web of trust. To be really pedantic the web of trust established by conventional use of the OpenPGP protocol :-P > The pedantry about verifying government-issued identity is perhaps > necessary if you have the need to be confident the government knows > the other person as "John Smith" and that they are the right one of > the many "John Smiths" in existence. If that is not needed, the > name by which any government knows the person is irrelevant. > > Your certification on a key means exactly what you want it to mean. > If your certification is published with a key, it is up to each user > to interpret that certification as they see fit (or to ignore it > entirely). Well the conventions of use, for example the key signing party protocol, requires photographic id. If I publicly sign a key it has to be in line with how I expect others to interpret it. Policies and notations on signatures go some way to alleviate that but only if the tools support it. > > In online communications so many people are just > > names, urls or email addresses, their identity is just > > the things they've said and published. > > Is that so different from the person you don't actually know, but they > are sometimes on the train when you are commuting, and just > occasionally you chat? Nope, the difference is that in real life I have good mechanisms for being sure that the person I'm talking to today is the same as the person I was talking to yesterday. To me, you are just an email address, for all I know you're a dozen different people spoofing emails to the list. If all your mails are signed with the same key then I can at least assume all those people are working in concert :-) The issue is that the tools around OpenPGP use are designed around the idea that it's for verifying some fixed identity, whereas in this case it's continuity of identity that's more important. If your key had dozens of signatures at the persona level going back a few years then I'd have a reasonable belief that you're not just a brand new identity created for mischievousness (not that I'm claiming that you're trolling, it's just an example). With notations you get a system of distributed tagging, where identity becomes a matter of a collection of attested to attributes. Obviously this could create a lot of noise so you'd have a limited set of folks (including ephemeral Internet folks) who's tags you trust, probably the same people who's signatures you trust - which is handy. :-) My mail client, and all the others I've used, is only interested in whether I, or someone else, has certified that MFPA is your real name. > > If I was > > accepting a cheque from one of those people I'd > > probably look for an identity confirmation, > > If I didn't know their name or address, depending on the amount > involved I may not accept the cheque. Certainly. This BTW is why I think anonymous cryptocurrency is a daft idea. > > if I just > > wanted to talk to them in probable privacy then a few > > other people saying effectively "Yeah I've used that > > key for that person" is enough. > > Is what the signature means? Are they not simply saying, in effect, > "Yeah I've used that key for that _email address_?" Yes, I was being sloppy there. > > To put it somewhat glibly, if a friend introduces > > someone to you do you ask for an affidavit that your > > friend has seen two forms of state issued photo id > > before you'll talk to them? > > Depends on the conversation. (-; True, "This person is a police officer and would like to know where you were last night," might lead you to wanting to see id. It would be nice to be able to cryptographically verify such things. > There is no standard threat model. But the NSA and others are, at > least anecdotally, monitoring all communications and retaining copies > if they are encrypted. And any person could come under scrutiny as a > result of being only a small number of communication hops from a > "person of interest." By standard threat model I'm extrapolating from what all the docs seem to say. It appears to be an entity with the NSA's (purported) ability to monitor and intercept the Internet but without their ability to hack endpoints. - -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJS62vBAAoJEEgVHtdrBwIAyvcIAOG+j3e83zihc8VlmdbSThg3 QUp5+iXOpw0+Jv542AOHaEsfKkNl2+1KMbbEqUVPBHmB/eMFL9tb5mz82dyUppvK j2O2QPRQhHZlmJNuy84L9X8wf01IumbpfOEdwNXvWg5l3hr8qFRaQK4bkify1+Mr Ldlpgz0GCmByoud7T4abC4xLtEkybT4H2
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 30 January 2014 at 9:28:27 PM, in , Leo Gaspard wrote: > About emails reused by different persons... AFAICT most > major email services never re-issue the same email > address twice. Which could be considered good practice. Yahoo does. Some of my old yahoo accounts now say this when I log in: "Your Yahoo account has been inactive for an extended period of time and is being recycled. If you need a new account, please sign up for a new one." Other, even older, yahoo accounts give "This ID is not yet taken. Are you trying to register for a new account?" > If one worries about an email agency stealing the email > addresses, well... A signature on an email UID means > "Yes, this key is used by the same person as the email > address". So signing it "automatically" would not > conflict with the meaning of the signature. Fair enough. > Yet if the > UID also includes a name, then it should be signed only > after appropriate verification of the owner. Makes sense to me. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net War is a matter of vital importance to the State. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLrALlXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pOfsD/2s71tagOl3322f/WIbP5CaqwruiCtQO3B8f Sg3DuqmM8kNenFJgjbAq8PTf5FF4WXF/4xZasCvdPkMlgtFaCKcWgdEPo87cwBxY gEzjnZESkosq5m3vpD3PHxmeDzxP9QBp9ETuBNp745ZzcS8Oqiic3r6dfAxa5OyB PbF5ntLK =ODsN -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 30 January 2014 at 10:03:53 PM, in , Johannes Zarl wrote: > If the same email-address is used together with the > same key for a long time, it effectively ties the > email-address to a person for all practical concerns. > After all, you are communicating via email with someone > you have never seen. Didn't two or three people on this list all use the same key to sign messages to this list a few years ago, for quite a while before anybody noticed? > If someone else hijacks (maliciously or not) the email > address without also infiltrating that person's PC and > stealing the secret key, then the key would change. Fair point. > If the initial communication was subject to a > MITM-attack, the key would change as soon as the MITM > attack stops or gets sidestepped. The quality of this > "canary" improves with the number of signatures over an > extended time. If the MITM attack lasts "an extended time" all the signatures would be on the key of the MITM-attacker... > In either scenario, you would notice that something was > afoul as soon as the key changes and investigate. You _might_ notice. > The result is not perfect glorious privacy, just pretty > good for the average(tm) user. (-; - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net A wise man once said ..."I don't know." -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLq/DtXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pJw0D/iIg2+QPC9BhsyRJUeWvr9yuw0OzGrhO0ggq kdxWyzuKRVo2PLRWUhZ6hazO4miiosOW52D5WvTb6/UDM04xK7d4fjKmOmHobbgv fioOmpUCjWGxaKDo0kour7+gqiY54QVgi6XbdeXsmvLQcDJz+9oqWT53TtEnIdSq qDyTK9DO =E4xw -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 30 January 2014 at 10:43:39 PM, in , Steve Jones wrote: > Well therein lies my problem with the PGP system. It > relies on the notion of there being this singular thing > called your identity. I'll take that to mean your problem with the web of trust. The pedantry about verifying government-issued identity is perhaps necessary if you have the need to be confident the government knows the other person as "John Smith" and that they are the right one of the many "John Smiths" in existence. If that is not needed, the name by which any government knows the person is irrelevant. > This doesn't really match how people work in the world, it certainly > doesn't match how things work online. That's right, each context in which a person presents themself is effectively a distinct identity or persona. If the contexts overlap, there is a certain amount of blending between the distinct personas. > There are plenty of people I've > known for years by a particular name and using a > particular email address, but by the standards of PGP I > haven't verified their identity so shouldn't sign their > key. Your certification on a key means exactly what you want it to mean. If your certification is published with a key, it is up to each user to interpret that certification as they see fit (or to ignore it entirely). > In online communications so many people are just > names, urls or email addresses, their identity is just > the things they've said and published. Is that so different from the person you don't actually know, but they are sometimes on the train when you are commuting, and just occasionally you chat? > If I was > accepting a cheque from one of those people I'd > probably look for an identity confirmation, If I didn't know their name or address, depending on the amount involved I may not accept the cheque. > if I just > wanted to talk to them in probable privacy then a few > other people saying effectively "Yeah I've used that > key for that person" is enough. Is what the signature means? Are they not simply saying, in effect, "Yeah I've used that key for that _email address_?" > To put it somewhat glibly, if a friend introduces > someone to you do you ask for an affidavit that your > friend has seen two forms of state issued photo id > before you'll talk to them? Depends on the conversation. (-; > Yes, entirely. As it stands however the standard threat > model seems that we have to assume that all attackers > are the NSA. There is no standard threat model. But the NSA and others are, at least anecdotally, monitoring all communications and retaining copies if they are encrypted. And any person could come under scrutiny as a result of being only a small number of communication hops from a "person of interest." - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Lack of money is no obstacle. Lack of an idea is an obstacle. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLq+TFXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pArAD/i8aZhsGkl2sSAP9xGiRvpv8INKKdVQ+u5bg UcXmEXkFC3f1P3fmEaWOwilS71bOwmlicWSmi6SvLBFq+rW34BTamVG6W+YVN3gp xtHdOLFptzqVmHRrBardjTfA7UYsw5hZiOU6YVjuTKVRz05YFdvGiPyOYQP7MFDg NWI5jDv4 =beUa -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Thu, 30 Jan 2014 21:09:45 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > On Thursday 30 January 2014 at 12:58:44 AM, in > , Steve Jones wrote: > > The advantage you have here though is the web of trust. > > 1 level 1 signature would probably be not enough, but > > 5, 10, 100..? > > If the signatures are made automatically be email software without > verifying identity, where is the web of trust? Lots of such signatures > would tie the key to the email address but not to a person. Email > addresses, just like phone numbers, may be re-used by a different > person today to who used them last year. Well therein lies my problem with the PGP system. It relies on the notion of there being this singular thing called your identity. This doesn't really match how people work in the world, it certainly doesn't match how things work online. There are plenty of people I've known for years by a particular name and using a particular email address, but by the standards of PGP I haven't verified their identity so shouldn't sign their key. In online communications so many people are just names, urls or email addresses, their identity is just the things they've said and published. If I was accepting a cheque from one of those people I'd probably look for an identity confirmation, if I just wanted to talk to them in probable privacy then a few other people saying effectively "Yeah I've used that key for that person" is enough. To put it somewhat glibly, if a friend introduces someone to you do you ask for an affidavit that your friend has seen two forms of state issued photo id before you'll talk to them? > > There comes a point where you have to > > decide that a certain level of security is good enough. > > That is one of the points of the oft-repeated mantra "It depends on > your threat model." Yes, entirely. As it stands however the standard thread model seems that we have to assume that all attackers are the NSA. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
[resent, this time to the mailing list] Hi, On Thursday 30 January 2014 21:09:45 MFPA wrote: > , Steve Jones wrote: > > The advantage you have here though is the web of trust. > > 1 level 1 signature would probably be not enough, but > > 5, 10, 100..? > > If the signatures are made automatically be email software without > verifying identity, where is the web of trust? Lots of such signatures > would tie the key to the email address but not to a person. If the same email-address is used together with the same key for a long time, it effectively ties the email-address to a person for all practical concerns. After all, you are communicating via email with someone you have never seen. Otherwise, you would have exchanged keys in person. Just take this list: I don't give a damn whether Werner Koch is the real name of that guy working on that awesome piece of software. I do care about that awesome piece of software being signed by the same Werner Koch as last year. If I needed to clarify a legal issue pertaining to the German citizen Werner K., I would prefer a key that I can link to a government-issued id. > Email addresses, just like phone numbers, may be re-used by a different > person today to who used them last year. If someone else hijacks (maliciously or not) the email address without also infiltrating that person's PC and stealing the secret key, then the key would change. If the initial communication was subject to a MITM-attack, the key would change as soon as the MITM attack stops or gets sidestepped. The quality of this "canary" improves with the number of signatures over an extended time. In either scenario, you would notice that something was afoul as soon as the key changes and investigate. The result is not perfect glorious privacy, just pretty good for the average(tm) user. Cheers, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Thu, Jan 30, 2014 at 09:09:45PM +, MFPA wrote: > > The advantage you have here though is the web of trust. > > 1 level 1 signature would probably be not enough, but > > 5, 10, 100..? > > If the signatures are made automatically be email software without > verifying identity, where is the web of trust? Lots of such signatures > would tie the key to the email address but not to a person. Email > addresses, just like phone numbers, may be re-used by a different > person today to who used them last year. Well... To this at least I can answer. Sure, it links a key to an email address. Yet, more often than not one knows the email address of the intended recipient (otherwise, how would he/she send the email?). So knowing an email address is associated to a key can be useful. About emails reused by different persons... AFAICT most major email services never re-issue the same email address twice. Which could be considered good practice. If one worries about an email agency stealing the email addresses, well... A signature on an email UID means "Yes, this key is used by the same person as the email address". So signing it "automatically" would not conflict with the meaning of the signature. Yet if the UID also includes a name, then it should be signed only after appropriate verification of the owner. Just my two cents, Leo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 30 January 2014 at 12:58:44 AM, in , Steve Jones wrote: > The advantage you have here though is the web of trust. > 1 level 1 signature would probably be not enough, but > 5, 10, 100..? If the signatures are made automatically be email software without verifying identity, where is the web of trust? Lots of such signatures would tie the key to the email address but not to a person. Email addresses, just like phone numbers, may be re-used by a different person today to who used them last year. > There comes a point where you have to > decide that a certain level of security is good enough. That is one of the points of the oft-repeated mantra "It depends on your threat model." - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Great minds discuss ideas; Average minds discuss events; Small minds discuss people. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLqv59XFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pT/8EAI9tSZ3POJC+LVqut0YRQFslGcxTZlROLJUb QLfAwUTb2u0o9sla57Seqpxcop8BV9ypbTS4raPMEOjrL0t/fz5kWb6I9sNguaxf szfcOq2KLwh/KzgaWKJrDEiTPxcQk1skevohts7137E+fGk7I/aBiMqX0AJTvW+8 I56nkmBm =JI5Y -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, 30 Jan 2014 00:04:17 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi > > > On Wednesday 29 January 2014 at 7:57:12 PM, in > , Johannes Zarl wrote: > > > > Under the assumption > > that an attacker can't reliably do a MITM attack on > > every message that is sent over an extended time > > period > > Why would that be assumed? In a corporate setting the MITM could be > placed within the company's network, for a home user their ISP or > email provider could be used, and for mobiles, the phone network. The advantage you have here though is the web of trust. 1 level 1 signature would probably be not enough, but 5, 10, 100..? There comes a point where you have to decide that a certain level of security is good enough. An attacker that can MITM not only your communications with the key server and your emails but that of all your friends can probably do a lot more than just MITM communications - like insert custom hardware into the supply chain rendering software based security useless. > > , you would place almost no trust in a fresh > > persona-certified key, but high trust in an old and > > frequently encountered key. > > The older the key, the greater the opportunity for compromise. Yes, I'd say it's the number of signatures rather than their age which would lend trust. > > The trust would grow with > > time (just like the trust into someone you know in real > > life). > > If a person I knew well in real life were "compromised" they are > likely a poor enough actor for it to be easily-noticed. Maybe, a lot of compromised actors have gotten away with it for a long time. But that's a different story, all the trust in a person's key and identity is useless if they're secretly working against you. - -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJS6aPEAAoJEEgVHtdrBwIA3cMIAOR684K06OPgZP30NeK7qu3u fdP9tq8TkwsIBRdZBFEgR6wkp9YfCu4+qGVqutn4txC+4qyVzbfhMDDFGb17DNHL PVZ3LS0w2jjjpYxU6GUbU6icn4otzqU7GUqsWjQxkjUvDeKW4vuuiz75+dLiXi5B 8SttzmogWzAazVtTVMk4h0PE3dDb8mfWuv02h/BhemfMeN10VT6YJfBhSqmevTiw 4An+GEmvMbtH0lPPRQHtTNvsz632Szp/6I3LObnDKrQWUtPVITqx8cPL3HXC0ozz BwMCaPLDlKO69qnhuzoaqkHBfJ4UuXTKBwfiI9+cmxiFUvyphYm6LBaw7ZmSnNQ= =WDKc -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 January 2014 at 5:24:36 PM, in , Steve Jones wrote: > Well, it could be semi-automatic. I'm only talking > about persona certifications, which appear to be > understood as verifying that the key and the email > address are under the control of the same person. > Having your mail client being able to determine that > the key and the email address seem to match and > offering you a one click (plus passphrase) option to > verify that fact would be nice. So long as the certification applied were only a local signature, I see a niche for this functionality (and the individual user can invest the resulting local signatures with any meaning they wish). As soon as those signatures are exported, it dumps more "noise" to the web of trust for no obvious gain. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Don't talk unless you can improve on the silence -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLpmmxXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pz1QD/1VQrX52KpK/kNfsZl4A3QZJWYN2CznnaZo+ d1D4y8OZ4zcQOh2fCsraR8sXHU5/U6ctgpX7sBT9BbTYFCI1zAkkpRGR3iTpXDFy RpzJ3B9LamYlS5GYR8EjK+n/wKVbPn44WcwCx17mampyk2QLq5j+g4W+xynvPc5G 6OESu2eg =8u5b -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 January 2014 at 7:57:12 PM, in , Johannes Zarl wrote: > Under the assumption > that an attacker can't reliably do a MITM attack on > every message that is sent over an extended time > period Why would that be assumed? In a corporate setting the MITM could be placed within the company's network, for a home user their ISP or email provider could be used, and for mobiles, the phone network. > , you would place almost no trust in a fresh > persona-certified key, but high trust in an old and > frequently encountered key. The older the key, the greater the opportunity for compromise. > The trust would grow with > time (just like the trust into someone you know in real > life). If a person I knew well in real life were "compromised" they are likely a poor enough actor for it to be easily-noticed. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net The second mouse gets the cheese -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlLplxVXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p/PAEAMLzMDuW9+rogvLcrYKTKPZOZDyfj3CwaG+l h5IjlkH1I+wsYooLti/c8hBklE1RxHXlbDjnmjph88IAK2+hHvBtC+HUra+2BZbp KxDeYvthnSeeZ7R1Ry3yX9c7OUO4J2xAZPCVTFmmBoX06jf/nBBHQGAelmnrTF5L dXkfQPTu =8zBv -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
Hi nb.linux, * nb.linux [29. Jan. 2014]: > Gregor Zattler: >> * Steve Jones [24. Jan. 2014]: >>> Which reminds me that I'd really like an email client that >>> automatically signs keys at level 1 (persona) of anyone who replies >>> with a signed email that quotes a significant portion of the text I >>> sent, as this effectively counts as a challenge response protocol in my >>> book. >> >> That's an interesting idea. But there is still the possibility >> of a man in the middle attac... The web of trust is supposed to >> counter MITM attacks by signing keys only if the verification was >> done directly (no middle person). > > maybe you already discussed that, but what about sending someone an > encrypted email (with the challenge) and wait for an encrypted reply > with the signed challenge? (as you seem to talk only about sending a > clear text challenge) This would not help against a MITM -Attack. I want to send you an email, email program fetches a key with uid nb.li...@xandea.de from the server, evil organisation intercepts this, sends me key with uid nb.li...@xandea.de, I send a challenge encrypted to this key, evil organisation decrypts it rencryts it to you key, sends it to you, you sign-reply to my encrypted challenge, evil organisation intercepts it... > Personally, I don't want such behaviour. When I'm making a > certification, then it's me doing it manually as I have the > responsibility. I don't want some program to be able to make automatized > certifications with my key. me too. Ciao; Gregor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Wednesday 29 January 2014 10:52:26 Robert J. Hansen wrote: > > Well, it could be semi-automatic. I'm only talking about persona > > certifications, which appear to be understood as verifying that the key > > and the email address are under the control of the same person. > > I suspect the majority of GnuPG and PGP users could not tell you what > a persona-level verification means. Saying they appear to be > understood as X appears to me to be a dangerous bit of conjecture. Since gnupg does equate trust level 1/persona certification to an untrusted one, that should not be a problem IMO. I like how this idea could mirror a "natural" web of trust - given proper MUA support. Under the assumption that an attacker can't reliably do a MITM attack on every message that is sent over an extended time period, you would place almost no trust in a fresh persona-certified key, but high trust in an old and frequently encountered key. The trust would grow with time (just like the trust into someone you know in real life). Cheers, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
Well, it could be semi-automatic. I'm only talking about persona certifications, which appear to be understood as verifying that the key and the email address are under the control of the same person. I suspect the majority of GnuPG and PGP users could not tell you what a persona-level verification means. Saying they appear to be understood as X appears to me to be a dangerous bit of conjecture. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
On Wed, 29 Jan 2014 11:14:11 + "nb.linux" wrote: > Gregor Zattler: > > Hi Steve, gnupg users, > > * Steve Jones [24. Jan. 2014]: > > That's an interesting idea. But there is still the possibility > > of a man in the middle attac... The web of trust is supposed to > > counter MITM attacks by signing keys only if the verification was > > done directly (no middle person). > > maybe you already discussed that, but what about sending someone an > encrypted email (with the challenge) and wait for an encrypted reply > with the signed challenge? (as you seem to talk only about sending a > clear text challenge) Yes, the message being sent would have to be encrypted for the procedure to be valid, otherwise an attacker could read the mail and spoof a response (after having already spoofed your communication with the key server). > Personally, I don't want such behaviour. When I'm making a > certification, then it's me doing it manually as I have the > responsibility. I don't want some program to be able to make > automatized certifications with my key. Well, it could be semi-automatic. I'm only talking about persona certifications, which appear to be understood as verifying that the key and the email address are under the control of the same person. Having your mail client being able to determine that the key and the email address seem to match and offering you a one click (plus passphrase) option to verify that fact would be nice. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MUA "automatically signs keys"?
Gregor Zattler: > Hi Steve, gnupg users, > * Steve Jones [24. Jan. 2014]: >> Which reminds me that I'd really like an email client that >> automatically signs keys at level 1 (persona) of anyone who replies >> with a signed email that quotes a significant portion of the text I >> sent, as this effectively counts as a challenge response protocol in my >> book. > > That's an interesting idea. But there is still the possibility > of a man in the middle attac... The web of trust is supposed to > counter MITM attacks by signing keys only if the verification was > done directly (no middle person). maybe you already discussed that, but what about sending someone an encrypted email (with the challenge) and wait for an encrypted reply with the signed challenge? (as you seem to talk only about sending a clear text challenge) Personally, I don't want such behaviour. When I'm making a certification, then it's me doing it manually as I have the responsibility. I don't want some program to be able to make automatized certifications with my key. Here's a quote from an email on a very similar topic: From: Robert J. Hansen Subject: Re: trust your corporation for keyowner identification? Date: 2013-10-17 13:54 -0700 >> In my proposed scenario, the corporation [e.g. HR] is doing nothing more than >> providing a means for the participants to know that Bob is actually Bob >> because the company has checked his id and said he is and providing an >> authenticated means (again, IT being a black-hat aside) to communicate >> with Bob and verify fingerprints, etc. > > Under this scenario, the entire thing is dangerously bogus. > > When I sign a certificate, I am sending a message: "I am vouching for the > identity of X." Under your scenario, I'm no longer vouching for the identity > of X. I would instead be saying, "Someone else who is not listed on this > signature has vouched for the identity of X. I am signing this without any > direct personal knowledge of X's identity." > > If you're vouching for X's identity, you need to take positive steps to > verify X's identity. If someone else is vouching for X's identity, then let > them sign X's certificate. Why should you get involved without doing your > own positive verification? Two replies later in the thread there was Stan Tobias who clarified: > [That] you vouch that the person told you "This is my key". Making a > certification is *not* a confirmation of an identity. I like the term "vouch" here, because it highlights the responsibility in the Web of Trust of the person doing the certification. Cheers, -- nb.linux ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
