Migrating keys (fwd)

Atom 'Smasher' atom-gpg at suspicious.org
Sat Nov 29 18:44:11 CET 2003

> > i'm not trying to say that signing someone else's key is a certification
> > that their sub-key(s) are authentic (i'm actually trying to point out
> > where that common assumption breaks down), but it's generally considered
> > to be the case, and the current trust model doesn't complain when that
> > assumption is made.... in fact, the current trust model helps people feel
> > comfortable making that [false] assumption.
> >
> > although a 3rd party signature really does bear no relationship to the sub
> > key(s), most of us consider it convenient to think that it does.
> Don't.
> I've never met anyone who believed this, but rather than spending a
> lot of time and effort to try and change the standard to remove
> something that is a significant *feature* of the standard.... why not
> just accept how things actually work?

the confusion continues.... i think that most users, esp new users, to
PGP/GPG don't understand that alice's signature on bob's key is *ONLY*
vouching for bob's signing key, *NOT* bob's encryption key(s). i think
most users, and especially most new users, don't really understand about

it's not that i'm complaining about the system, rather, i'm complaining
about how the system fits into the way people *think* the system works. i
would expect that most people _on_this_list_ know more about the system
than the general public, and i'm basing many of my assumptions on the way
that [i think] the general public looks at this system.

the two questions that remain are:
 1) is there a way to not only trust, but verify someone's sub-key?
is there an easy and/or standardized way for bob to meet with alice and
allow them both to verify each other's sub-keys? they can do this for
their signing keys by exchanging and confirming their key types, sizes and
fingerprints, but i don't know of any application that generates
fingerprints of sub-keys.

 2) if we trust that bob's signing key has not been compromised, is there
a difference between accepting a new key because bob adds a new sub-key to
his public-key; and accepting a new key because bob sent a signed email
that instructs us to do so. in both cases, bob's old key (that we trust)
has signed his new key (which we might not trust, yet). how do i know that
the new key bob generated is the same new key that i think is his new key?
if bob's signing key has been compromised, i could have a new key "from
bob" that's not the same key that bob generated. is this type of attack
likely? i really don't think so, but the question remains.... is there a
(quick, easy and painless) way that me and bob can be sure that we're both
talking about the same sub-key?

looking at rfc 2440 (11.2) it looks like an application should be able to
generate fingerprints for sub-keys. for some applications, it's good
enough enough to trust... other times things should be verified.


 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"They that can give up essential liberty to obtain a little
	 temporary safety deserve neither liberty nor safety."
		-- Benjamin Franklin

More information about the Gnupg-users mailing list