Robot CA at

Kyle Hasselbacher
Thu Dec 5 18:23:02 2002

Hash: SHA1

On Thu, Dec 05, 2002 at 11:09:26AM -0500, David Shaw wrote:
>On Thu, Dec 05, 2002 at 09:00:02AM -0600, wrote:
>> The postmaster case is something I hadn't thought of.  I think the earlier
>> suggestion of encrypting the response would take care of that.  Am I
>> missing something?
>Encrypting the response isn't always possible.  Remember that OpenPGP
>supports sign-only keys.  Even so, it's just safer design - if the
>signature never existed in the first place, then there is no way it
>can fall into the wrong hands.

I agree, it's a safer design.  Its only downside is that it's more complex.
I'm not very interested in signing sign-only keys; the whole point is to
sign keys that will be used for encryption.  At this point, though, it
doesn't make the distinction, so this is a problem.

>> The benefit is in automation.
>> Once you have a robot CA, you can make an email client that looks for
>> recipient keys and automatically encrypts for them if they have the robot's
>> signature.  (More generally, it encrypts to any key that's considered
>> valid, and you make the robot's key a trusted signer.)
>> Once you have that, you can make the same client automatically generate a
>> key on installation and get it signed.  Then people are using encryption
>> transparently.
>> The "robot only" users won't know what's going on, but they get extra
>> security anyway.
>How?  I understand the arguments you are making, but they are really a
>"here's how it works" rather than a "here's the benefits it brings".

The ultimate goal is to bring encryption to people who wouldn't have it
otherwise.  The benefit it brings is some extra security where there would
be none otherwise.  The users of this mailing list (who already know how to
use GnuPG, and do so) are not the "target audience."  The target is the
granny who won't put up with a passphrase in a million years.

With tools yet to be created, people could get the benefits of encryption
without having to understand it.  The robot CA will make those tools work

>The only reason I have come across thus far to do this at all is to
>combat this one particular denial of service attack:
>> At the point that we have automatic encryption in the mail client, you need
>> something to validate keys, or you get the attack where Eve makes a key
>> with Alice's email address and publishes it.  Then Alice gets encrypted
>> mails she can't read.  If Bob (the sender) can't figure out his mail
>> client, he can't stop sending them.
>Mind you, I'm not saying that this isn't a good enough reason to do
>it.  I just don't want the impression going around that email
>verification is somehow "secure", and the best way to do that is to
>lay out in clear terms exactly what this is good for.
>You're not saying this is secure, and in fact saying the opposite,
>which is admirable.  Many people won't understand that, unfortunately.

I've heard before the objection that this produces a false sense of
security.  I don't deny it.  What I think, though, is that the false sense
of security will always be a problem.  I've talked to users who are
astonished to learn that their sysadmin can read their email on the mail
server.  I want those who don't understand security, who think they have
some, to actually have more than they do now, even if it's not the most
that's possible.
- -- 
Kyle Hasselbacher
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see