Robot CA at toehold.com

Kyle Hasselbacher kyle@toehold.com
Fri Dec 6 00:16:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Dec 05, 2002 at 05:03:34PM -0500, David Shaw wrote:
>On Thu, Dec 05, 2002 at 03:34:54PM -0600, Kyle Hasselbacher wrote:

>> All this gives us is a binding between a key and an email address.
>
>Agreed.
>
>> It makes it safer to use that key when sending mail to that address.
>
>Agreed.
>
>> It's better than using an untrusted key because you can be more sure
>> it will work and not require the user to backtrack somehow.
>
>Agreed, BUT: in the real world, there is no way to guarantee that
>every key holder will get this email checking signature.  Therefore,
>there will be some keys with, and some keys without.  Therefore we
>must handle both cases.  My thinking is that since we have to handle
>both cases, there is no benefit derived here.
>
>If Granny gets Alice's key, and it doesn't have the signature, her
>only proper course of action is to use the key untrusted since she
>doesn't know if Alice has had her key validated or not.

If I have a key with no signatures, I don't use it.  If all of this
software worked today, I'd have mine configured to ignore any key that is
not signed by the robot (or someone I trust).

Perhaps that's why I think this is useful.

I could be wrong in doing this, though.  Since I'm so used to sending mail
in the clear, I'd rather do that than have to resend something when my
recipient squawks "can't decrypt with this bogus key" (or merely "this
isn't important enough to make me type my passphrase").

>> >We've discussed one reason thus far: it makes it a lot harder for
>> >Mallory to perform a DoS attack against by publishing a bogus "Alice"
>> >key.  Still, remember that Granny's software can defeat the same
>> >attack by just encrypting to all "Alices".
>> 
>> If Alice doesn't have a key at all, Granny's software hasn't defeated the
>> attack.  It's also not defeated if Granny has a bogus key but not the real
>> one (though this seems less likely).
>
>If Alice doesn't have a key at all, then all schemes fail.  Let's
>presume at least that Granny can get some of Alice's keys.

If Alice doesn't have a key at all, and I refuse to use Mallory's
(unverified) key, then everything works fine (or as well as it did without
the attacking key).  That scheme "fails" if Alice has a key that's not
verified.  In that case, Alice just needs to get verified to get her mail
encrypted.

I consider having a key that's not verified to mean that Alice can get
encrypted mail if she has to, but she doesn't want to get it all the time
from everyone.  This makes sense to me since I know people who can do
encryption for something "sensitive" but don't want to do it routinely.
Having the robot's signature is a flag for strangers to tell them that
routine encryption is encouraged.
- -- 
Kyle Hasselbacher | What don't die can't live.  What don't live can't change.
kyle@toehold.com  | What don't change can't learn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9794Y10sofiqUxIQRApwRAJ9pv6OwP89/lnCAs2dwr2+x4mlwGACeNAJw
My6vDyspLg+apwGM82PtYE0=
=AiNH
-----END PGP SIGNATURE-----