discussion on increasing amount of gpg signatures...

Matt Armstrong matt@lickey.com
Sat Oct 13 05:31:01 2001


I think claims that a web of trust provides "absolute certainty" go too
far.  "Good enough" certainty is a better term, but it all depends on
the verification mechanisms people use.

Correct me if I'm wrong, but key signing parties are often subject to
this kind of attack on the web of trust:

    1) Joe Bob creates a key pair with "Joe Bob <foo@example.com>" when
       in reality foo@example.com is under the control of some other
       person who happens to have that e-mail address.

    2) Joe Bob gets lots of people to sign this key, since his driver's
       license and passport prove that he is "Joe Bob."

Verifying that the key holder has control of the key's e-mail address
isn't part of many key signing party verification procedures, especially
less formal ones.  I'm looking at the "GPG Keysigning Party HOWTO" and
the "comp.security.pgp FAQ" here.

So Joe Bob is then able to fool people into thinking he is
joe@example.com, when he isn't.  He can post to newsgroups and mailing
lists signing messages with this key, threaten the life of political
leaders and celebrities via e-mail, take over their domains hosted with
networksolutions.com (changing the authentication method from MAIL FROM
to PGP in the process), etc.  In general, cause the real e-mail address
holder pain.

Of course, attackers are limited to attacking people with e-mail
addresses that are either cryptic or similar to their own name.  Most
people would get suspicious signing a key with an address "Matt
Armstrong <george.bush@yahoo.com>." ;-)  But many people have cryptic or
meaningless e-mail addresses that could conceivably belong to anybody.

I also agree that many times e-mail communication comes before key
signing, in which case this kind of spoofing becomes impossible.

And, of course, the verification step is easy: before signing any key,
send the person an e-mail and ask them to sign their response.


On Fri, Oct 12, 2001 at 06:05:45PM -0400, Ben Paul Wise wrote:

> Johan et al:
>
> The "web of trust" is not meant to determine honesty, reliability,
> discretion, etc. It is meant to be a web of certifications that the keys
> are actually in use by those who appear to be using them.
>
> The difference: I may know with absolute certainty that the key belongs
> to John Doe because of the web of trust. Therefore, I know with absolute
> certainty that he'll blab my secret all over town as soon as he knows it -
> because he really is the John Doe whom I distrust.
>
> On Friday 12 October 2001 12:42, Johan Wevers allegedly wrote:
> > Douglas Elznic wrote:
> > > It seems that the biggest problem with gpg is not technical but a
> > > social problem. The problem seems to be the lack of signatures and size
> > > of the web of trust.
> >
> > Hmmm. If I discuss things that really need to be kept secret I only
> > do that with people I already know and whose keys I trust. And
> > trusting people for discussing one subject does not automatically
> > mean I trust them for discussing other subjects too. This means I
> > just don't care for the "web of trust". Before I discuss some things
> > with people, I just need to trust them personally, not "trust" them
> > because other people do.
>
> --
> Ben Wise, PhD Mobile: 703-731-5144
> SAIC GnuPG ID: 0xF491BD21
> http://www.saic.com bwise@sito.saic.com
-- matt
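The verification step Matt describes at the end of his message (mail the address on the UID a challenge, and only certify that UID if the reply comes back signed by the key in question), as an added example that is not part of the original thread. Ed25519 from the Go standard library stands in for an OpenPGP key, a "fingerprint" is modelled as the hex encoding of the public key, the mailboxes are an in-memory map, and all names and addresses are made up. It also reproduces the Joe Bob case: his key carries the UID "Joe Bob <foo@example.com>", but the mailbox belongs to someone else, so the reply is signed by the wrong key and the UID is refused.

```go
package main

// Added example (not from the original thread): a challenge/response check a
// key signer can run before certifying a user ID, confirming that whoever holds
// the private key also controls the UID's e-mail address. Ed25519 stands in for
// an OpenPGP key; the fingerprint is just hex(public key); mail is simulated.

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Challenge is the body the prospective signer mails to the UID's address.
type Challenge struct {
	Fingerprint string // hex(public key) of the key whose UID is being certified
	UID         string // the exact user ID string on that key
	Nonce       string // fresh random value, so an old reply cannot be replayed
}

// Body renders the challenge as the text the signer sends.
func (c Challenge) Body() string {
	return fmt.Sprintf("keysign-challenge fpr=%s uid=%q nonce=%s", c.Fingerprint, c.UID, c.Nonce)
}

// Fingerprint models a key fingerprint as the hex encoding of the public key.
func Fingerprint(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// NewChallenge binds a fresh 128-bit nonce to one (key, UID) pair.
func NewChallenge(pub ed25519.PublicKey, uid string) (Challenge, error) {
	var n [16]byte
	if _, err := rand.Read(n[:]); err != nil {
		return Challenge{}, err
	}
	return Challenge{Fingerprint: Fingerprint(pub), UID: uid, Nonce: hex.EncodeToString(n[:])}, nil
}

// AddressOf extracts the e-mail address from a UID such as `Joe Bob <foo@example.com>`.
func AddressOf(uid string) (string, error) {
	i, j := strings.LastIndex(uid, "<"), strings.LastIndex(uid, ">")
	if i < 0 || j < i {
		return "", fmt.Errorf("uid %q has no <address> part", uid)
	}
	return uid[i+1 : j], nil
}

// Mailbox is whoever actually reads mail at an address (constructed for the
// example). They reply by signing the challenge body with whatever private key
// they hold; a nil key means no signed reply.
type Mailbox struct {
	Owner string
	Key   ed25519.PrivateKey
}

// Reply returns the echoed body and a signature over it, or ok=false.
func (m Mailbox) Reply(body string) (string, []byte, bool) {
	if m.Key == nil {
		return "", nil, false
	}
	return body, ed25519.Sign(m.Key, []byte(body)), true
}

// VerifyUID mails the challenge to the UID's address and accepts the UID only
// if the reply echoes the challenge and is signed by the key being certified.
func VerifyUID(pub ed25519.PublicKey, uid string, mail map[string]Mailbox) error {
	addr, err := AddressOf(uid)
	if err != nil {
		return err
	}
	c, err := NewChallenge(pub, uid)
	if err != nil {
		return err
	}
	box, ok := mail[addr]
	if !ok {
		return fmt.Errorf("%s: address does not exist", addr)
	}
	body, sig, ok := box.Reply(c.Body())
	if !ok {
		return fmt.Errorf("%s: no signed reply from the address", addr)
	}
	if body != c.Body() {
		return errors.New("reply does not echo the challenge (wrong nonce, key or UID)")
	}
	if !ed25519.Verify(pub, []byte(body), sig) {
		return errors.New("reply is not signed by the key being certified: refuse to sign this UID")
	}
	return nil
}

// Scenario builds the two cases from the thread: Alice really controls
// foo@example.com; Joe Bob put that address on his own key. Both keys are
// checked against the same mailbox. Returns the result for Alice's UID and
// for Joe Bob's spoofed UID.
func Scenario() (honest error, spoof error) {
	alicePub, aliceKey, _ := ed25519.GenerateKey(rand.Reader)
	joePub, _, _ := ed25519.GenerateKey(rand.Reader) // Joe Bob never sees mail to foo@
	mail := map[string]Mailbox{"foo@example.com": {Owner: "Alice", Key: aliceKey}}
	honest = VerifyUID(alicePub, "Alice <foo@example.com>", mail)
	spoof = VerifyUID(joePub, "Joe Bob <foo@example.com>", mail)
	return honest, spoof
}

func main() {
	h, s := Scenario()
	fmt.Println("Alice <foo@example.com>:  ", h)
	fmt.Println("Joe Bob <foo@example.com>:", s)
}
```

The nonce is bound to the fingerprint and the exact UID string, so a reply obtained for one UID cannot be reused for another UID on the same key, and a reply signed by a different key at the same address (the Joe Bob case) fails the final signature check rather than the weaker "did anyone answer" test. With real GnuPG the same flow is `gpg --clearsign` on the challenge by the holder and `gpg --verify` by the signer, checking that the signing key's fingerprint matches the key whose UID is about to be certified.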