Robot CA at

David Shaw
Sat Dec 7 00:12:02 2002

On Fri, Dec 06, 2002 at 11:39:18AM -0600, Kyle Hasselbacher wrote:

> I have a key, and it's published, but I still don't get much encrypted
> email because my friends don't use it.  Right now if someone made a
> duplicate key for me, it wouldn't make much difference.  The attacker's key
> would be used as rarely as mine is.
> When things get automated (and most people are encrypting to whatever key
> they can find that matches the recipient), the duplicate key attack gets
> easier.  If Alice doesn't have a key, she gets DoSed massively and easily.

Absolutely, but this applies to the postmaster attack as well.
Remember that it is trivial for her postmaster to get a signed "Alice"
key without Alice's participation or knowledge.  Still, I agree that
this is a genuine example of "better than what we have now".

> >> I consider having a key that's not verified to mean that Alice can get
> >> encrypted mail if she has to, but she doesn't want to get it all the time
> >> from everyone.  This makes sense to me since I know people who can do
> >> encryption for something "sensitive" but don't want to do it routinely.
> >> Having the robot's signature is a flag for strangers to tell them that
> >> routine encryption is encouraged.
> >
> >Why not have Alice indicate this for herself on her own key?  Simpler,
> >and less prone to problems if Alice gets to say for herself.
> Is there a way to do that?  I hope I haven't reinvented the wheel.

See "Notation Data" in RFC 2440.  Alice can add a notation to her own
self-signature that indicates whatever she likes.  This is
particularly elegant for people who have more than one user ID on
their key, as they can indicate different preferences for each ID.

> >I think what this all comes down to is the question to the end user:
> >Are you willing to only encrypt to keys that the robot has validated?
> >If the answer is "no", then the robot has no benefit for them.  This
> >is why I think it's a non-starter for open communities.
> End users aren't meant to think about that question.  I'd answer it "yes."
> If I were writing the software, I'd want to make it an option either way.

If end users aren't meant to think about the question, why make it an
option? ;)  Seriously though, I can see a MUA would be useful with
Granny Mode as well as Expert Mode.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson