Several questions as feedback on gnupg
Thu Jan 24 01:32:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 23 January 2002 23:25, Mike Touloumtzis wrote:
> On Wed, Jan 23, 2002 at 09:34:29PM +0100, Ingo Klöcker wrote:
> > Do the following for each email address/UID on the key:
> > 1. Generate some random text (it has to be different for each UID).
> > 2. Send this random text to the keyowner in an encrypted message.
> > 3. If the email address you sent the message to really belongs to
> > the keyowner he'll receive the message, decrypt it, read it and
> > reply to it quoting the secret random text.
> > 4. Now you simply compare if the random text he quotes is the same
> > that you sent to him.
> > By following this procedure you can assure that the keyowner has
> > access to the email addresses listed as UIDs in his key.
> Is this somehow more secure than just encrypting the signed key to
> itself, then mailing it to the email address in the signed UID?
> Given that your random text approach is much more complex and adds
> work, I'm trying to figure out if it adds any security.
> More specifically, your protocol guarantees that _all_ of the email
> addresses in the key you're given to sign are controlled by the key's
> My approach could make the same guarantee by splitting the
> key into several messages (using a secret splitting algorithm) and
> mailing one part to each email address. However, this stronger
> guarantee shouldn't be necessary if I understand the OpenPGP key
> format correctly.
A variant of your approach would be to do the following:
For each UID
sign the UID;
encrypt the signed key to itself;
mail the encrypted key to the email address in the signed UID;
delete the signature again from the UID;
> Once you have verified that I control all 17 email addresses in my
> key and sign it, there's nothing to stop me from adding an evil 18th
> UID and getting my goofball non-OpenPGP-understanding friends to sign
Unfortunately this is always the problem with the web of trust. But if
nobody (except your "goofball non-OpenPGP-understanding friends" ;-) )
trusts your "goofball non-OpenPGP-understanding friends" then the evil
18th UID won't be valid for anyone (except ...) and therefore it would
be quite harmless.
> I could have already had this evil UID, in fact; maybe I just
> stripped it from the version of the key I sent to you.
I would of course download your key from a key server to hinder you from
sending me a specially prepared key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----