Keys not trusted

David Shaw dshaw@jabberwocky.com
Fri May 16 03:54:03 2003



On Sun, May 11, 2003 at 02:55:23PM +0200, Ingo Klöcker wrote:

> > One way to pick the best key for such e-mail only acquaintances would
> > be for people within various communities to all use a single robot
> > authentication authority (for example:
> > http://www.toehold.com/robotca).  Some members of this list, such as
> > GnuPG developer David Shaw, consider this to be a bad idea.
>
> The RobotCA simply verifies the email address. You can easily do this
> yourself by sending an encrypted challenge to the person you want to
> communicate with. (Yes, I know that an encrypted challenge will only
> verify the encryption key.)
>
> > Shaw
> > proposes that when no trust path to an e-mail exists, the mail client
> > should encrypt to all available keys for the given e-mail address
> > (warning the user appropriately). Then when/if the party you sent to
> > replies, you can set the definitive key based on the key they use in
> > their reply.
>
> This isn't really a good idea. You encrypt with a valid and with a
> forged key. The message is intercepted, decrypted and answered by the
> forger. You have been fooled.

Yes.  To give context here, both the robot CA and my proposal were
presented in the context of "if we drop the requirement to be
resistant against man-in-the-middle, can we make things easier to
use?".  It is most emphatically NOT as secure as using the web of
trust properly.  For some people though, the tradeoff is worth
it... and of course, for some, it isn't.

It's one of those eternal questions whether it is better if a system
is perfectly secure, but not many people use it, or if it is less
secure, and many people use it.  One way to put this is to ask whether
it is better to encrypt and be vulnerable to a man in the middle
attack... or to not encrypt and be vulnerable to everything ;)

David
