Robot CA at
Thu Dec 5 15:59:01 2002

Hash: SHA1

On Thu, Dec 05, 2002 at 08:43:44AM -0500, David Shaw wrote:
>On Wed, Dec 04, 2002 at 01:27:49PM -0600, Kyle Hasselbacher wrote:
>> I'm interested to hear opinions on this.  In particular, my robot does not
>> do a challenge/response the way it's usually assumed.  It just signs the
>> key and sends it to the address in the key ID.  I rely on delivery failure
>> to eliminate the bad signatures.
>I think this is not terribly safe - as "postmaster" for a few sites, I
>know that I get a lot of bounces that would surprise the users the
>mail was intended for.  An unscruplous postmaster could also get the
>signed keys from the mail spool and abuse them.  The only way to be
>totally safe is to never generate a signature unless you intend it to
>be used.

The postmaster case is something I hadn't thought of.  I think the earlier
suggestion of encrypting the response would take care of that.  Am I
missing something?

>2) Alice's key doesn't have such a signature, so I don't know if the
>   email address has been verified... but I don't care; If the person
>   behind the email address does not have access to the key, they
>   won't be able to read the encrypted message I just sent them
>   anyway.
>Where's the benefit?  If it was guaranteed that ALL keys would have
>such a signature then there is the traffic analysis benefit of never
>sending a message like in the second example.  However, in the real
>world there is no such guarantee.

The benefit is in automation.

Once you have a robot CA, you can make an email client that looks for
recipient keys and automatically encrypts for them if they have the robot's
signature.  (More generally, it encrypts to any key that's considered
valid, and you make the robot's key a trusted signer.)

Once you have that, you can make the same client automatically generate a
key on installation and get it signed.  Then people are using encryption

The "robot only" users won't know what's going on, but they get extra
security anyway.  Further, they're able to "graduate" to "real" GnuPG usage
once they learn.  They already have a key, and they can get a real
signature on it at any time.

The educated users can encrypt to people who don't know what's going on,
and get encrypted mail from them.  If they don't want those automated
encrypted mails, they just don't get their key signed by the robot.  If
they don't trust the robot's signatures, they just mark the key untrusted.

At the point that we have automatic encryption in the mail client, you need
something to validate keys, or you get the attack where Eve makes a key
with Alice's email address and publishes it.  Then Alice gets encrypted
mails she can't read.  If Bob (the sender) can't figure out his mail
client, he can't stop sending them.

Thanks for reading this far.  I think the robot is a first step on the way
to transparent/zero-UI crypto.  That's the point.
- -- 
Kyle Hasselbacher
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see