Robot CA at toehold.com

Kyle Hasselbacher kyle@toehold.com
Fri Dec 6 18:38:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Dec 05, 2002 at 07:15:48PM -0500, David Shaw wrote:
>On Thu, Dec 05, 2002 at 05:15:36PM -0600, Kyle Hasselbacher wrote:

>> If I have a key with no signatures, I don't use it.  If all of this
>> software worked today, I'd have mine configured to ignore any key that is
>> not signed by the robot (or someone I trust).
>> 
>> Perhaps that's why I think this is useful.
>>
>> I could be wrong in doing this, though.  Since I'm so used to sending mail
>> in the clear, I'd rather do that than have to resend something when my
>> recipient squawks "can't decrypt with this bogus key" (or merely "this
>> isn't important enough to make me type my passphrase").
>
>Yes, I can't see how this behavior makes sense in an open community.
>Even if Alice's key has no signatures, it's still better than
>plaintext.  At least attempting to send encrypted text first means you
>at least have a chance of getting encrypted mail through.  Sending
>plaintext gives you no chance.

I guess I'd rather have my message go through on the first try.  I only
want to use encryption when I'm sure it's welcome.  Maybe I'm more social
than secure.

I have a key, and it's published, but I still don't get much encrypted
email because my friends don't use it.  Right now if someone made a
duplicate key for me, it wouldn't make much difference.  The attacker's key
would be used as rarely as mine is.

When things get automated (and most people are encrypting to whatever key
they can find that matches the recipient), the duplicate key attack gets
easier.  If Alice doesn't have a key, she gets DoSed massively and easily.
She has to tell all her contacts to stop encrypting, and they have to
figure out how to do that (many of them may not have known they were doing
it in the first place).  And she'll have the same problem with every new
person who tries to contact her.  She has no way to stop it other than to
make her own key, get it certified, and publish it next to the bogus one.

I don't want the automation to make such a big headache for people who
haven't yet caught on.

>> I consider having a key that's not verified to mean that Alice can get
>> encrypted mail if she has to, but she doesn't want to get it all the time
>> from everyone.  This makes sense to me since I know people who can do
>> encryption for something "sensitive" but don't want to do it routinely.
>> Having the robot's signature is a flag for strangers to tell them that
>> routine encryption is encouraged.
>
>Why not have Alice indicate this for herself on her own key?  Simpler,
>and less prone to problems if Alice gets to say for herself.

Is there a way to do that?  I hope I haven't reinvented the wheel.

>I think what this all comes down to is the question to the end user:
>Are you willing to only encrypt to keys that the robot has validated?
>If the answer is "no", then the robot has no benefit for them.  This
>is why I think it's a non-starter for open communities.

End users aren't meant to think about that question.  I'd answer it "yes."
If I were writing the software, I'd want to make it an option either way.
- -- 
Kyle Hasselbacher
kyle@toehold.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE98ODG10sofiqUxIQRAr+WAJ0Yi5qMmus5Vbj42hfgOQ711X2EkgCg9qme
zpreTIRJ7c0MJtMoYN6WBk4=
=J0PK
-----END PGP SIGNATURE-----