looking up pgp keys

Tim Prepscius timprepscius at gmail.com
Tue Sep 10 04:57:00 CEST 2013


This is also very interesting.

Why is this the model which has been chosen?

For instance, if I wanted to send a message to you, having never met
you before, I could not verify I am sending to you and not a third
party masquerading as you.  I could probably look you up on the net,
read a bunch of web pages, perhaps you've posted your pub key on some
blog or something.  But that takes a human.

If I am a machine, is there any way to effectively filter out poisoned
results?  (which are not poisoned via MITM but just globally
poisoned)?


Why didn't the mail server people also run local key servers for which
you could only change your key with your password?
(while this would not be any strict guarantee of course, it would
solve the problem of spam, and anyone writing to anything)


--

So basically what I'm getting from this, is if I do this with a machine:

1.  There is no trust.
2.  Changing from one key to another key, if the first key hasn't been
"officially" revoked, is even less trust.
3.  And in fact, even if the first key was revoked, there is no
guarantee that the second key is trustworthy.
4.  I need to continually monitor all keys of my users in the public
key repository, watch for changes.

-tim



On 9/9/13, Phil Pennock <gnupg-devel at spodhuis.org> wrote:
> On 2013-09-09 at 20:40 -0400, Tim Prepscius wrote:
>> Why aren't the results from the http://pgp.mit.edu:11371 signed with their
>> key?
>> They have an http request but there is no way I can tell if I've been
>> mitm-ed.
>>
>>
>> I should be able to ask each server I request from, the public key of
>> the other servers, and then check the signature of each against each
>> other
>>
>> ??
>>
>> Is this implemented and I'm missing it somehow?
>
> Anyone can upload content to the public keyservers.  I could, instead of
> writing this email, use GnuPG to create an OpenPGP key which claims to
> belong to:
>
>   Tim Prepscius <timprepscius at gmail.com>
>
> and upload it.
>
> Signatures securing links between keyservers don't matter, when *anyone*
> can anonymously upload keys into a keyserver and let them propagate.
>
> The security of the PGP keyservers is not from "being in the public
> repositories" -- they're a collection of assertions that various people
> make.
>
> The security is because PGP inherently provides an object-level model of
> security, where the items themselves should be sufficient for
> establishing links.  This is where the Web-of-Trust comes in.  Given
> user decisions of how much I trust, say, "Werner Koch" (as that identity
> is expressed by one particular PGP key) to bother verifying identities
> of people and the links between them and keys, I can trust the identity
> assertions in keys which carry a uid signature from Werner.  The link is
> there from the signature already, I decide how much I trust signatures
> from a particular key.
>
> There is spam in the public keyservers.  There are known bad keys, there
> are known malicious keys.  The continuing viability of public keyservers
> is a reasonable thing to question.  The loss of them would be a blow.
>
> But the mere presence of a key in a public collection conveys no
> inherent trust.  There's more trust from `finger foo at example.org`,
> because heck, at least faking the result would require a current active
> attack.  That's still not a lot of trust, but it is mildly suggestive
> that a key might be a reasonable match to an identity (in the form of an
> email/finger address), unlike being present in a public keyserver, which
> is not suggestive at all.
>
> -Phil
>
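
An added example, not part of the thread and not GnuPG code: one way a machine could apply the rule Phil describes, accepting a looked-up key only when the matching uid carries a good certification from a key the operator has already decided to trust. It assumes input in the form printed by `gpg --with-colons --check-sigs`; the sample listing, key IDs, address and the function name `certified_keys` are constructed for illustration.

```python
# Constructed sample shaped like `gpg --with-colons --check-sigs` output.
# Two keys claim the same address; only the first has a good ('!')
# certification from the introducer 1111111111111111.
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAA1:1378000000:::-:::scESC:
uid:-::::1378000000::H1::Alice Example <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAA1:1378000000::::Alice Example <alice@example.org>:13x:
sig:!::1:1111111111111111:1378100000::::Trusted Introducer <ti@example.org>:10x:
pub:-:2048:1:BBBBBBBBBBBBBBB2:1378200000:::-:::scESC:
uid:-::::1378200000::H2::Alice Example <alice@example.org>:
sig:!::1:BBBBBBBBBBBBBBB2:1378200000::::Alice Example <alice@example.org>:13x:
sig:?::1:2222222222222222:1378200000::::[User ID not found]:10x:
"""

def certified_keys(colons, address, trusted_signers):
    """Return key IDs whose uid for `address` has a good, unrevoked
    certification from a signer key ID in `trusted_signers` (the caller's
    own trust decision; nothing on a keyserver supplies it)."""
    certs, revoked = {}, {}        # key ID -> set of signer key IDs
    key_id, uid_matches = None, False
    for line in colons.splitlines():
        f = line.split(":")        # gpg escapes ':' inside user IDs as \x3a
        rec = f[0]
        if rec == "pub":
            key_id, uid_matches = f[4], False
            certs[key_id], revoked[key_id] = set(), set()
        elif rec == "uid":
            uid_matches = f[9].lower().endswith("<" + address.lower() + ">")
        elif rec in ("sub", "uat"):
            uid_matches = False    # signatures below bind subkeys/photos
        elif rec in ("sig", "rev") and uid_matches and key_id:
            signer, sig_class = f[4], f[10][:2]
            # A self-signature says nothing about who owns the address, and
            # anything but '!' (bad, unverifiable, error) is not evidence.
            if signer == key_id or signer not in trusted_signers:
                continue
            if not f[1].startswith("!"):
                continue
            if rec == "sig" and sig_class in ("10", "11", "12", "13"):
                certs[key_id].add(signer)
            elif rec == "rev" and sig_class == "30":
                revoked[key_id].add(signer)
    return [k for k in certs if certs[k] - revoked[k]]

if __name__ == "__main__":
    print(certified_keys(SAMPLE, "alice@example.org", {"1111111111111111"}))
```

Both sample keys carry a valid self-signature, so checking only that a key "verifies" would accept the second one as well.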


