Robot CA at

David Shaw
Thu Dec 5 21:37:01 2002

On Thu, Dec 05, 2002 at 11:24:01AM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 11:09:26AM -0500, David Shaw wrote:
> >On Thu, Dec 05, 2002 at 09:00:02AM -0600, wrote:
> >> The postmaster case is something I hadn't thought of.  I think the earlier
> >> suggestion of encrypting the response would take care of that.  Am I
> >> missing something?
> >
> >Encrypting the response isn't always possible.  Remember that OpenPGP
> >supports sign-only keys.  Even so, it's just safer design - if the
> >signature never existed in the first place, then there is no way it
> >can fall into the wrong hands.
> I agree, it's a safer design.  Its only downside is that it's more complex.
> I'm not very interested in signing sign-only keys; the whole point is to
> sign keys that will be used for encryption.  At this point, though, it
> doesn't make the distinction, so this is a problem.
> >> The benefit is in automation.
> >> 
> >> Once you have a robot CA, you can make an email client that looks for
> >> recipient keys and automatically encrypts for them if they have the robot's
> >> signature.  (More generally, it encrypts to any key that's considered
> >> valid, and you make the robot's key a trusted signer.)
> >> 
> >> Once you have that, you can make the same client automatically generate a
> >> key on installation and get it signed.  Then people are using encryption
> >> transparently.
> >> 
> >> The "robot only" users won't know what's going on, but they get extra
> >> security anyway.
> >
> >How?  I understand the arguments you are making, but they are really a
> >"here's how it works" rather than a "here's the benefits it brings".
> The ultimate goal is to bring encryption to people who wouldn't have it
> otherwise.  The benefit it brings is some extra security where there would
> be none otherwise.  The users of this mailing list (who already know how to
> use GnuPG, and do so) are not the "target audience."  The target is the
> granny who won't put up with a passphrase in a million years.
> With tools yet to be created, people could get the benefits of encryption
> without having to understand it.  The robot CA will make those tools work
> better.

Yes, but *how*?  The goals are laudatory, but what exactly does this
give us in concrete engineering terms?  What makes this better than
Granny just going ahead and using an untrusted key?

We've discussed one reason thus far: it makes it a lot harder for
Mallory to perform a DoS attack against by publishing a bogus "Alice"
key.  Still, remember that Granny's software can defeat the same
attack by just encrypting to all "Alices".

What else is there?


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson