Robot CA at toehold.com
Fri Dec 6 10:54:02 2002
At 09:00 2002-12-05 -0600, you wrote:
>>Where's the benefit? If it was guaranteed that ALL keys would have
>>such a signature then there is the traffic analysis benefit of never
>>sending a message like in the second example. However, in the real
>>world there is no such guarantee.
>The benefit is in automation.
>Once you have a robot CA, you can make an email client that looks for
>recipient keys and automatically encrypts for them if they have the robot's
>signature. (More generally, it encrypts to any key that's considered
>valid, and you make the robot's key a trusted signer.)
>Once you have that, you can make the same client automatically generate a
>key on installation and get it signed. Then people are using encryption
>The "robot only" users won't know what's going on, but they get extra
>security anyway. Further, they're able to "graduate" to "real" GnuPG usage
>once they learn. They already have a key, and they can get a real
>signature on it at any time.
>The educated users can encrypt to people who don't know what's going on,
>and get encrypted mail from them. If they don't want those automated
>encrypted mails, they just don't get their key signed by the robot. If
>they don't trust the robot's signatures, they just mark the key untrusted.
>At the point that we have automatic encryption in the mail client, you need
>something to validate keys, or you get the attack where Eve makes a key
>with Alice's email address and publishes it. Then Alice gets encrypted
>mails she can't read. If Bob (the sender) can't figure out his mail
>client, he can't stop sending them.
>Thanks for reading this far. I think the robot is a first step on the way
>to transparent/zero-UI crypto. That's the point.
I agree with you Kyle! And this is a very important step to spread
encryption (cf the discussion "Why isn't everone doing it?). Encryption
must become invisible to be used by everyone. Thus much effort and brains
should be used to design this service. It will the base to build encryption
clients (invisible GUI) to users in the future. It's about the future for
GPG! If it's done right it will have an enormous impact!
It might be sufficient with the simple CA-robot you have designed. It does
the same job as the "sign up for a Microsoft Passport account"-procedure,
doesn't it? It just checks that a person has access to a certain e-mail adress.
It might be a good idea to add a check that the person has access to the
secret key as well eg by demanding a signed respons. That would add some
value to the service.
But it might be too complicated for the users? Or can it be made
automatically by the client? Would it be easy to add such features to
GPGOE, Eudora GPG and GPG Relay?
When I tested the service I thought a while about what happens if some one
(not me) sends my key to the robot-CA. And if someone sends a bogus key to
It wouldn't be much harm, would it?
The only feasible misuse I can think of is:
The Evil cracker E creates an e-mail adress in my name at eg. Hot Mail. He
creates a PGP-key for that adress and get it signed by the robot. He then
pretends to be me and fools some of my contacts to establish a "secure"
communication with him. What's the countermeasure? To check e-mails
accounts by phone?
Well, what about MS Passport? Microsoft have never phoned me to check my
Anyhow, it might be very important to verify the connection either between
the person and the e-mail adress (that's how people think "What's the
adress to ... How is his phonenumber?) or between the person and the key
(that's how cryptographers think!). Either will fill the gap:
The triangle connections between person-emailadress-key will be verified.
But I don't know how that will be accomplished! It doesn't matter if you
introduce a "signing challenge". It will NOT verify any connection to the
live person. It will only produce a false feeling of security and ad
complexity. Thus I think the CA-robot is fine as it is!
The verification of the connection person - emailadress cannot be made by
ANY robot! Any ideas how to do that verification? For X.509 certificates
this is made eg. by sending a mail that is to be collected in person at the
post office, where the receiver has to show an identification card. I think
this isn't completely safe and besides it is overdoing it for the purpose
of "safe e-mail for everyone". Why not use business cards, snail mail and
phone, tell people about your e-mailadress and ask other people. Thats what
we all are doing anyway, isn't it?
People would ask people about their e-mail address, but they would rather
not ask about their PGP-key fingerprint!
Thus I think the robot is wonderful as it is! I will recommend it to people.