Robot CA at toehold.com

Kyle Hasselbacher kyle@toehold.com
Fri Dec 6 18:18:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Dec 06, 2002 at 10:53:38AM +0100, Per Tunedal wrote:

>It might be a good idea to add a check that the person has access to the 
>secret key as well eg by demanding a signed respons. That would add some 
>value to the service.

The suggestion made here is to encrypt the response with the key I'm
signing.

>But it might be too complicated for the users? Or can it be made 
>automatically by the client? Would it be easy to add such features to 
>GPGOE, Eudora GPG and GPG Relay?

The idea eventually is that the client would do a lot of this
automatically.  Behiind the scenes, it generates a key, submits it to a
robot, receives the signed key, and publishes it to a key server.  Then
when it's sending mail, it checks the key server for keys belonging to the
recipient.

>When I tested the service I thought a while about what happens if some one 
>(not me) sends my key to the robot-CA. And if someone sends a bogus key to 
>the robot.
>It wouldn't be much harm, would it?

If I encrypt the responses, I see no harm (besides you getting unwanted
email).  With the responses unencrypted, you only have to worry about the
user taking the bogus key and publishing it.  That could be done with some
social engineering.

>The only feasible misuse I can think of is:
>The Evil cracker E creates an e-mail adress in my name at eg. Hot Mail. He 
>creates a PGP-key for that adress and get it signed by the robot. He then 
>pretends to be me and fools some of my contacts to establish a "secure" 
>communication with him. What's the countermeasure? To check e-mails 
>accounts by phone?

Well, this attack works just fine without the robot.  The attacker
convinces your contacts to use the wrong email address.  Your contacts
already have to check your email account by phone (or some other way).  The
robot doesn't change this.

>Anyhow, it might be very important to verify the connection either between 
>the person and the e-mail adress (that's how people think "What's the 
>adress to ... How is his phonenumber?) or between the person and the key 
>(that's how cryptographers think!). Either will fill the gap:
>The triangle connections between person-emailadress-key will be verified.

My employer could verify that my work email address belongs to me.  They've
already checked my ID and such when they hired me.  If they're going to do
that, they could just sign my key whole.  If you would be satisfied looking
up my employer's phone number, calling, and verifying with someone that I
do work here, and this is my email address, you could maybe connect the
email address (and key) to me.

I think connecting a person to an email address is not much easier than
connecting a person to a key.

>People would ask people about their e-mail address, but they would rather 
>not ask about their PGP-key fingerprint!

That's true.
- -- 
Kyle Hasselbacher | Hanlon's Razor:  Never attribute to malice that which
kyle@toehold.com  |                  is adequately explained by stupidity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE98Nwm10sofiqUxIQRAkY6AJ9m7Qdm0qjA5SQRpRMvjhsvb6scuwCfWfBn
KvAsr26AE7ZMFYYZ4cqPniQ=
=lZLm
-----END PGP SIGNATURE-----