revoked key - was: Re: key-signing for pseudonyms

David Shaw dshaw at jabberwocky.com
Sun May 23 17:58:21 CEST 2004


On Sun, May 23, 2004 at 11:23:07AM -0400, Jerry Windrel wrote:
> 
> ----- Original Message ----- 
> From: "David Shaw" <dshaw at jabberwocky.com>
> To: <gnupg-users at gnupg.org>
> Sent: Sunday, May 23, 2004 12:28 AM
> Subject: Re: revoked key - was: Re: key-signing for pseudonyms
> 
> 
> > > >This is fixed in the updated OpenPGP draft, and GnuPG will have the
> > > >fix as soon as it is standardized.
> > >
> > > Can you describe the fix?  Would this fix also address the simpler
> > > attack I outlined here?
> >
> > The fix is fairly simple conceptually.  Just have the signing subkey
> > issue a signature on the primary key.  Mallet could not issue such a
> > signature.  It does not address the attack you mention.  That attack
> > is a social problem, and is thus resistant to technical solution.

> Can you explain what exactly the "social problem" is?  What are the signers
> doing wrong exactly?

A person signing a key (certifying it) is saying, in effect, "I vouch
that this public key and this user ID are bound together."  That is,
that the entity described in the user ID is the owner (for some value
of "own") of the public key in question.

The social problem is that many people don't bother to actually read
what the user ID says before making this statement.  If I am going to
vouch for a binding, I'm going to make reasonably sure that the name
in the user ID is actually the name of the person, and I'm going to
make reasonably sure that the email address in the user ID actually
reaches the person.

David



More information about the Gnupg-users mailing list