Several questions as feedback on gnupg

Ingo Klöcker ingo.kloecker@epost.de
Thu Jan 24 01:32:01 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 23 January 2002 23:25, Mike Touloumtzis wrote:
> On Wed, Jan 23, 2002 at 09:34:29PM +0100, Ingo Klöcker wrote:
> > Do the following for each email address/UID on the key:
> > 1. Generate some random text (it has to be different for each UID).
> > 2. Send this random text to the keyowner in an encrypted message.
> > 3. If the email address you sent the message to really belongs to
> > the keyowner he'll receive the message, decrypt it, read it and
> > reply to it quoting the secret random text.
> > 4. Now you simply compare if the random text he quotes is the same
> > that you sent to him.
> >
> > By following this procedure you can assure that the keyowner has
> > access to the email addresses listed as UIDs in his key.
>
> Is this somehow more secure than just encrypting the signed key to
> itself, then mailing it to the email address in the signed UID? 
> Given that your random text approach is much more complex and adds
> work, I'm trying to figure out if it adds any security.
>
> More specifically, your protocol guarantees that _all_ of the email
> addresses in the key you're given to sign are controlled by the key's
> owner.

Exactly.

>  My approach could make the same guarantee by splitting the
> key into several messages (using a secret splitting algorithm) and
> mailing one part to each email address.  However, this stronger
> guarantee shouldn't be necessary if I understand the OpenPGP key
> format correctly.

A variant of your approach would be to do the following:
For each UID
{
  sign the UID;
  encrypt the signed key to itself;
  mail the encrypted key to the email address in the signed UID;
  delete the signature again from the UID;
}

> Once you have verified that I control all 17 email addresses in my
> key and sign it, there's nothing to stop me from adding an evil 18th
> UID and getting my goofball non-OpenPGP-understanding friends to sign
> it.

Unfortunately this is always the problem with the web of trust. But if 
nobody (except your "goofball non-OpenPGP-understanding friends" ;-) ) 
trusts your "goofball non-OpenPGP-understanding friends" then the evil 
18th UID won't be valid for anyone (except ...) and therefore it would 
be quite harmless.

> I could have already had this evil UID, in fact; maybe I just
> stripped it from the version of the key I sent to you.

I would of course download your key from a key server to hinder you from 
sending me a specially prepared key.

Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8T0VjGnR+RTDgudgRAiQUAJ4mOl9jOErowYPegziucV81ZB0GiwCg3R1d
u/aRm1a9SIxBm4gTB/RTM/w=
=pDWM
-----END PGP SIGNATURE-----