Several questions as feedback on gnupg

Mike Touloumtzis
Wed Jan 23 23:28:01 2002

On Wed, Jan 23, 2002 at 09:34:29PM +0100, Ingo Kl?cker wrote:
> Do the following for each email address/UID on the key:
> 1. Generate some random text (it has to be different for each UID).
> 2. Send this random text to the keyowner in an encrypted message.
> 3. If the email address you sent the message to really belongs to the 
> keyowner he'll receive the message, decrypt it, read it and reply to it 
> quoting the secret random text.
> 4. Now you simply compare if the random text he quotes is the same that 
> you sent to him.
> By following this procedure you can assure that the keyowner has access 
> to the email addresses listed as UIDs in his key.

Is this somehow more secure than just encrypting the signed key to itself,
then mailing it to the email address in the signed UID?  Given that your
random text approach is much more complex and adds work, I'm trying to
figure out if it adds any security.

More specifically, your protocol guarantees that _all_ of the email
addresses in the key you're given to sign are controlled by the key's
owner.  My approach could make the same guarantee by splitting the key
into several messages (using a secret splitting algorithm) and mailing one
part to each email address.  However, this stronger guarantee shouldn't
be necessary if I understand the OpenPGP key format correctly.

Once you have verified that I control all 17 email addresses in my key
and sign it, there's nothing to stop me from adding an evil 18th UID
and getting my goofball non-OpenPGP-understanding friends to sign it.
I could have already had this evil UID, in fact; maybe I just stripped
it from the version of the key I sent to you.