Robot CA at toehold.com
Thu Dec 5 22:34:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Dec 05, 2002 at 03:38:16PM -0500, David Shaw wrote:
>On Thu, Dec 05, 2002 at 11:24:01AM -0600, Kyle Hasselbacher wrote:
>> The ultimate goal is to bring encryption to people who wouldn't have it
>> otherwise. The benefit it brings is some extra security where there would
>> be none otherwise. The users of this mailing list (who already know how to
>> use GnuPG, and do so) are not the "target audience." The target is the
>> granny who won't put up with a passphrase in a million years.
>> With tools yet to be created, people could get the benefits of encryption
>> without having to understand it. The robot CA will make those tools work
>Yes, but *how*? The goals are laudatory, but what exactly does this
>give us in concrete engineering terms? What makes this better than
>Granny just going ahead and using an untrusted key?
This question is harder than I thought. Perhaps I don't actually
All this gives us is a binding between a key and an email address. It
makes it safer to use that key when sending mail to that address. It's
better than using an untrusted key because you can be more sure it will
work and not require the user to backtrack somehow.
>We've discussed one reason thus far: it makes it a lot harder for
>Mallory to perform a DoS attack against by publishing a bogus "Alice"
>key. Still, remember that Granny's software can defeat the same
>attack by just encrypting to all "Alices".
If Alice doesn't have a key at all, Granny's software hasn't defeated the
attack. It's also not defeated if Granny has a bogus key but not the real
one (though this seems less likely).
>What else is there?
I guess that's it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----