Why CAs or public keysigning?

Peter L. Smilde peter.smilde@smilde-becker.net
Thu Jun 19 18:47:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dennis Lambe Jr. wrote:
| If you go out searching for my key, you may find keys that aren't mine,
| or keys that are mine but that I lost the secret key for and can't
| revoke, but which clearly state that they belong to "Dennis Lambe Jr.".
| The existence of a public key with my name on it doesn't belong to me
| with any more confidence than an entry in the phone book with my name on
| it.

In my phone book I see dozens of duplicate names and when I am searching
for the number of some person it is very usual that I have to check the
address or to try several numbers to get to the right one. At least I
usually ask: "Are you the <name>, who is <some details describing him>",
or I try to recognize his voice, which has the same purpose.

|  /However/, if you use the signature on the end of this message to
| retrieve my public key, and you trust the signatures you find there,
| then you know that not only am I probably /a/ Dennis Lambe Jr., but that
| I'm /the/ Dennis Lambe who wrote this message, and therefore the one
| you'd reply to if he's the Dennis you're interested in.

OK, I'd reply to you, but possibly not to the Dennis Lambe I expect to
reply to.

Example: Assume you (let's call you DLJ_A) want to offend some other
Dennis Lambe Jr. (DLJ_B). Then you could write emails, which seem to
originate from DLJ_B, containing offensive opinions or proposing illegal
activities. Most readers checking your signature will assume that it is
DLJ_B writing and signing this email. Your (DLJ_A) signers checked your
ID/UID, but the readers can assume that it is DLJ_B, because there is no
way to differentiate between the two of you, with only the UID on the key
(assuming again that there are no signatures of people they can ask
personally (case 2 or 3 of my original posting)). You could even ask
people to send you encrypted emails, when they agree with your illegal
proposals, and they will send you that, because they think that only
"evil DLJ_B" could read their approval. (OK, they could ask him by
phone, if he really wrote that email, but then they didn't need to rely
on signatures anymore.)

| I guess there are two points here:
| 1) If you go out searching for a key, you might get misleading
| information.  If someone sends you a key, the WoT can verify that it is
| who it says it is.

That's not completely true: see example above.

| 2) The likelihood of two people you're <=3 degrees from having the same
| name may be high enough to be of consequence, but the likelihood that
| one of them is one of the malicious agents trying to get their hands on
| your data is considerably lower.

I agree.

|  If it's still not good enough for you,
| then adjust your trust calculation parameters (what are they called?) so
| that only your most trustworthy compatriots can convince you that
| another key is genuine, and check facts about his key with them if you
| need to.

OK.

| The WoT greatly reduces the abilities of entities that wish to
| masquerade as valid recipients of your message.  Nothing is foolproof,
| not even strong crypto or PKI.

Right, but I still have the feeling that it is still much, much better
to contact key-owners directly or to accept only signatures of people I
know to be in contact with the "right" key-owner, than accepting
signatures of CAs and "public keysigners". This is what I wanted to
check with my posting.

Thanks,

- --

Peter L. Smilde
Finther Strasse 6
D-55257 Budenheim
Germany

Tel: +49 6139 5325
Fax: +49  721 151517676
Email: peter.smilde@smilde-becker.net

GnuPG(PGP)-Key:
1024D/B0E4BF99 2002-10-23 Peter L. Smilde <peter.smilde@smilde-becker.net>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+8elcFCtQzrDkv5kRAnKsAJ4mYKuHwuSBa8kWMaUbxNhi5gTa9QCfY0j5
wwIm1YbwIdf5gwbF/E3+CC8=
=ie1r
-----END PGP SIGNATURE-----
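
The same-name case discussed in this message, as an added example that is not part of the original post or of GnuPG: a simplified web-of-trust validity calculation showing that two keys with the same UID both validate when a CA is trusted as introducer, while trusting only a personally known introducer leaves one. All fingerprints, names and trust assignments are constructed; the parameter names follow GnuPG's `--completes-needed`, `--marginals-needed` and `--max-cert-depth` options, and the calculation itself is a reduced model, not GnuPG's code.

```python
# Simplified model of a classic web-of-trust validity calculation.
# All fingerprints, names and trust assignments are constructed sample data.
from collections import namedtuple

Key = namedtuple("Key", "fpr uid")

KEYS = [
    Key("AAAA1111", "Dennis Lambe Jr."),   # DLJ_A in the message's example
    Key("BBBB2222", "Dennis Lambe Jr."),   # DLJ_B, a different person
    Key("CA000001", "Example CA"),
    Key("F0000001", "Friend who knows DLJ_B personally"),
    Key("ME000000", "Me"),
]
# (signer, signed): each signer checked only that an ID matches the UID.
CERTS = [
    ("ME000000", "CA000001"), ("ME000000", "F0000001"),
    ("CA000001", "AAAA1111"), ("CA000001", "BBBB2222"),
    ("F0000001", "BBBB2222"),
]

def valid_keys(me, ownertrust, completes_needed=1, marginals_needed=3,
               max_cert_depth=5):
    """Return the set of fingerprints considered valid starting from `me`."""
    valid = {me}
    for _ in range(max_cert_depth):
        new = set()
        for key in KEYS:
            if key.fpr in valid:
                continue
            # Only signatures made by already-valid keys count.
            signers = [s for s, t in CERTS if t == key.fpr and s in valid]
            full = sum(1 for s in signers
                       if s == me or ownertrust.get(s) == "full")
            marg = sum(1 for s in signers if ownertrust.get(s) == "marginal")
            if full >= completes_needed or full + marg >= marginals_needed:
                new.add(key.fpr)
        if not new:
            break
        valid |= new
    return valid

def candidates(uid, valid):
    """Valid keys whose UID matches the name a reader searches for."""
    return sorted(k.fpr for k in KEYS if k.uid == uid and k.fpr in valid)

# CA trusted as introducer: both same-named keys validate.
trust_ca = valid_keys("ME000000", {"CA000001": "full", "F0000001": "full"})
# Only the personally known introducer is trusted: one key remains.
trust_friend = valid_keys("ME000000", {"F0000001": "full"})
```

A valid signature path confirms that the UID was checked against an ID, so `candidates("Dennis Lambe Jr.", trust_ca)` returns two fingerprints and the name alone cannot tell the reader which person signed.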