Several questions as feedback on gnupg

Mike Touloumtzis miket@bluemug.com
Wed Jan 23 22:12:01 2002 

On Wed, Jan 23, 2002 at 05:29:20PM +0100, Johan Andersson wrote:
> 
> On Wed, 23 Jan 2002, Loic Bernable <leto@vilya.org> wrote:
> > - A friend of mine pointed out the problem that may occur with persons
> >   who have a common name and surname. Let's suppose your name is "John Doe
> >   jd@yahoo.com". Now, imagine there is another John Doe, that generates
> >   a GnuPG key with *your* email address. If someone meets the latest,
> >   they could check his ID or driving license or whatsoever, but finally
> >   there would be no way for him to know it is *not* the John Doe related
> >   to the "jd@yahoo.com" address, and worse, John "Charlie" Doe's key
> >   would be legitimately signed by the third person, not yours. Is that
> >   clear enough ? :o) This can still be a problem ... Maybe one day we
> >   will have a thumbprint analysis tool that would complete our public
> >   key recording ?
> 
> I think I see what your concern is, and I've thought about it a bit
> myself.  My name is probably one of the most common names in Sweden.
> There's probably several dozens of people named Johan Andersson in the
> small city I live.
> 
> No documents I've read on signing keys and the web of trust have
> mentioned this.  It's been on my find-out-more-list for some time.

The email address is unique, though; this is what makes a global Web of
Trust work.  It piggybacks on a global infrastructure (DNS) for allocation
of unique IDs.  Otherwise there's no objective yardstick for signature
semantics (only "I know this person is really named Johan Andersson").
So far the PGP/GPG community has been small and tightly connected enough
that the issue of name clash has been mostly ignored IMHO.

This is why you should probably verify email address as well as real
name when you sign a key.  For example, encrypt the signed public key
to itself and mail it to its _own_ listed email address.  The widely
used keysigning party protocols don't do this, which is why I consider
many signatures in the current Web to be useless.  They are essentially
mechanically generated (following a protocol), but the protocol doesn't
confirm the more-unique part of the key.

Note that it's actually technically _easier_ for someone to adopt your
name (by legally changing theirs to match) than it is to adopt your
email address.  A name change in the courts would require a pretty
dedicated attacker, though.

miket