discussion on increasing amount of gpg signatures...

Evan Prodromou evan@prodromou.san-francisco.ca.us
Sat Oct 13 20:04:02 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "MA" == Matt Armstrong <matt@lickey.com> writes:
MA> Verifying that the key holder has control of the key's e-mail
MA> address isn't part of many key signing party verification
MA> procedures, especially less formal ones.

This is extremely true. One way to ameliorate this is to use a
challenge-response pair for each e-mail address on the key.

For example, when I meet Matt Armstrong at a key-signing party, after
checking his identification papers of whatever sort, I give him a slip
of paper with a unique challenge bitstream to take home. A good
password generator will make a decent bitstream creator, giving
semi-readable streams like "underw3ar%beaujolais".

When I get home to my computer, I send matt@lickey.com _another_
challenge bitstream, such as "spock8free-dmitry". Matt then sends back
_both_ bitstreams, e.g.,

    ---BEGIN EXAMPLE FAKE PGP SIGNED DATA---
    underw3ar%beaujolais
    spock8free-dmitry
    ---END EXAMPLE FAKE PGP SIGNED DATA---

Now I know with reasonable certainty that the person I met at the
party is the same person who receives mail at matt@lickey.com, and
that both people are the same as the person who uses key X. I can sign
the key with some margin of certainty.

Note that the challenge doesn't have to be spectacularly long or
unique. A brute-force dictionary attack isn't going to work in this
situation -- if I get back 500 billion messages, starting with
"aardvark1aardwolf" and ending with "zymurgy)zither", chances are I'll
be just a teensy bit suspicious of the situation.

There are, of course, some attacks on this. For example, Matt
Armstrong (the person whose ID and key signature I verified at the key
party) could be intercepting mail for matt@lickey.com, and falsifying
headers to send mail from the same address. Or, Matt Armstrong could
have been mugged on the way home from the keyparty, his secret key as
well as my slip of paper with the challenge stream stolen by the
(entirely different) guy who gets mail at matt@lickey.com, and said
mugger could then be sending out signatures.

But it's a pretty reasonable mechanism.

~ESP

- --
Evan Prodromou
evan@prodromou.san-francisco.ca.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE7yJG9ozwefHAKBVERAt0DAKCo1j7R6oGpNyRTRSkkNTptfNKqZQCgze9f
2j8yLpVGZcNBq9fl4UkfUw4=
=yk7L
-----END PGP SIGNATURE-----
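
The exchange described in the message above, sketched as an added Python example that is not part of the original post: the signer keeps one paper challenge and one mailed challenge per e-mail address and only signs when a reply made with the in-person-verified key returns both. The names PendingUid, make_challenge and MAX_BAD_REPLIES, the word list and the threshold are hypothetical, and the reply's signature is assumed to have been verified beforehand (for instance with gpg --verify).

```python
import secrets
from dataclasses import dataclass, field

# Constructed word list; a real generator would draw from a much larger one.
WORDS = ["walrus", "copper", "lantern", "orbit", "thistle", "magnet", "pebble"]
SYMBOLS = "%-)!"
MAX_BAD_REPLIES = 3  # assumed threshold: this many wrong replies looks like guessing


def make_challenge() -> str:
    """Semi-readable challenge in the style of 'underw3ar%beaujolais'."""
    return (secrets.choice(WORDS) + secrets.choice("0123456789")
            + secrets.choice(SYMBOLS) + secrets.choice(WORDS))


@dataclass
class PendingUid:
    """Signer-side state for one e-mail address on one key."""
    fingerprint: str   # fingerprint checked against ID at the party
    email: str         # address the second challenge is mailed to
    paper: str = field(default_factory=make_challenge)   # slip handed over in person
    mailed: str = field(default_factory=make_challenge)  # sent later by e-mail
    bad_replies: int = 0

    def check_reply(self, signer_fpr: str, signed_text: str) -> str:
        """Decide what to do with one reply.

        signer_fpr and signed_text are assumed to come from a clearsigned
        message whose signature has already been verified.
        Returns 'sign', 'reject' or 'suspicious'.
        """
        # Once the address has produced too many wrong replies, stop
        # accepting answers: a flood of guesses is itself the warning sign.
        if self.bad_replies >= MAX_BAD_REPLIES:
            return "suspicious"
        tokens = signed_text.split()
        same_key = signer_fpr.upper() == self.fingerprint.upper()
        # Both halves are required: the paper slip ties the reply to the
        # person met in person, the mailed half ties it to the mailbox.
        if same_key and self.paper in tokens and self.mailed in tokens:
            return "sign"
        self.bad_replies += 1
        return "suspicious" if self.bad_replies >= MAX_BAD_REPLIES else "reject"
```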