Robot CA at toehold.com

Per Tunedal pt@radvis.nu
Fri Dec 6 10:54:02 2002


At 09:00 2002-12-05 -0600, you wrote:

 >>
 >>Where's the benefit?  If it was guaranteed that ALL keys would have
 >>such a signature then there is the traffic analysis benefit of never
 >>sending a message like in the second example.  However, in the real
 >>world there is no such guarantee.
 >
 >The benefit is in automation.
 >
 >Once you have a robot CA, you can make an email client that looks for
 >recipient keys and automatically encrypts for them if they have the robot's
 >signature.  (More generally, it encrypts to any key that's considered
 >valid, and you make the robot's key a trusted signer.)
 >
 >Once you have that, you can make the same client automatically generate a
 >key on installation and get it signed.  Then people are using encryption
 >transparently.
 >
 >The "robot only" users won't know what's going on, but they get extra
 >security anyway.  Further, they're able to "graduate" to "real" GnuPG usage
 >once they learn.  They already have a key, and they can get a real
 >signature on it at any time.
 >
 >The educated users can encrypt to people who don't know what's going on,
 >and get encrypted mail from them.  If they don't want those automated
 >encrypted mails, they just don't get their key signed by the robot.  If
 >they don't trust the robot's signatures, they just mark the key untrusted.
 >
 >At the point that we have automatic encryption in the mail client, you need
 >something to validate keys, or you get the attack where Eve makes a key
 >with Alice's email address and publishes it.  Then Alice gets encrypted
 >mails she can't read.  If Bob (the sender) can't figure out his mail
 >client, he can't stop sending them.
 >
 >Thanks for reading this far.  I think the robot is a first step on the way
 >to transparent/zero-UI crypto.  That's the point.
 >- --
 >Kyle Hasselbacher
 >kyle@toehold.com

I agree with you Kyle! And this is a very important step to spread 
encryption (cf the discussion "Why isn't everone doing it?). Encryption 
must become invisible to be used by everyone. Thus much effort and brains 
should be used to design this service. It will the base to build encryption 
clients (invisible GUI) to users in the future. It's about the future for 
GPG! If it's done right it will have an enormous impact!

It might be sufficient with the simple CA-robot you have designed. It does 
the same job as the "sign up for a Microsoft Passport account"-procedure, 
doesn't it? It just checks that a person has access to a certain e-mail adress.

It might be a good idea to add a check that the person has access to the 
secret key as well eg by demanding a signed respons. That would add some 
value to the service.
But it might be too complicated for the users? Or can it be made 
automatically by the client? Would it be easy to add such features to 
GPGOE, Eudora GPG and GPG Relay?

When I tested the service I thought a while about what happens if some one 
(not me) sends my key to the robot-CA. And if someone sends a bogus key to 
the robot.
It wouldn't be much harm, would it?

The only feasible misuse I can think of is:
The Evil cracker E creates an e-mail adress in my name at eg. Hot Mail. He 
creates a PGP-key for that adress and get it signed by the robot. He then 
pretends to be me and fools some of my contacts to establish a "secure" 
communication with him. What's the countermeasure? To check e-mails 
accounts by phone?

Well, what about MS Passport? Microsoft have never phoned me to check my 
e-mailadress.

Anyhow, it might be very important to verify the connection either between 
the person and the e-mail adress (that's how people think "What's the 
adress to ... How is his phonenumber?) or between the person and the key 
(that's how cryptographers think!). Either will fill the gap:
The triangle connections between person-emailadress-key will be verified.

But I don't know how that will be accomplished! It doesn't matter if you 
introduce a "signing challenge". It will NOT verify any connection to the 
live person. It will only produce a false feeling of security and ad 
complexity. Thus I think the CA-robot is fine as it is!

The verification of the connection person - emailadress cannot be made by 
ANY robot! Any ideas how to do that verification? For X.509 certificates 
this is made eg. by sending a mail that is to be collected in person at the 
post office, where the receiver has to show an identification card. I think 
this isn't completely safe and besides it is overdoing it for the purpose 
of "safe e-mail for everyone". Why not use business cards, snail mail and 
phone, tell people about your e-mailadress and ask other people. Thats what 
we all are doing anyway, isn't it?

People would ask people about their e-mail address, but they would rather 
not ask about their PGP-key fingerprint!

Thus I think the robot is wonderful as it is! I will recommend it to people.

Per Tunedal