Robot CA at

David Shaw
Thu Dec 5 23:27:02 2002

On Thu, Dec 05, 2002 at 04:03:00PM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 09:52:39PM +0100, Volker Gaibler wrote:
> >On Thu, Dec 05, 2002 at 11:43:12AM -0600, Kyle Hasselbacher wrote:
> >> bogus-but-signed key.  Challenge/response systems have the same problem,
> >> however.  In a sense, if the attacker can intercept the victim's email, the
> >> verification is working--the attacker DOES have access to that email
> >> address, and that's all the robot is trying to find out.  From the robot's
> >> point of view, there's no difference between this and two (or more) people
> >> who legitimately and knowingly share an email address.
> >
> >But why use encryption at all in that case? Slightly simplified:
> >If someone can read your unencrypted mail (sysadmin or somebody sniffing
> >network traffic) - and that's what you want to prevent - they can also
> >create bogus-but-signed keys.
> That situation is made no worse by having non-working encryption.
> Hopefully the user gets a key working BEFORE people start sniffing.  When a
> doppelganger shows up, hopefully people will notice.  There's some optimism
> there, I know.

This still doesn't stop the doppelganger.  The postmaster attack lets
someone get a signed key in addition to the user's signed key.  Then
there would be two seemingly identical "Alices" on the keyserver.  If
people do notice, how do they pick from between the two?  ("I'm
Spartacus!  No, I'm Spartacus!").

> Do you not bother to lock your bicycle when you know there are people with
> bolt cutters?  Envelopes can be steamed open, but I still use them.  What
> I'm proposing is "better than nothing".  It is NOT absolute security.  It's
> merely better than the (terrible) security that's there now.

The thing is, I'm not sure this is actually better than nothing.  Like
I said in another email, it is certainly better than nothing if you
can guarantee that everyone in the community uses it (closed
community), but what change does it actually make in the use of
encryption outside of a closed community?  What benefits does it give?

At worst, I can accept that it is harmless (except for that false
sense of security), but if something is harmless and without a real
benefit, why do it at all?


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson