Keysigning challenge policies/procedures

David Shaw dshaw at
Fri Jul 7 23:21:42 CEST 2006

On Fri, Jul 07, 2006 at 04:15:03PM -0400, Todd Zullinger wrote:
> Ingo Klöcker wrote:
> > On Friday 07 July 2006 17:09, Todd Zullinger wrote:
> [...]
> >> But that does mean that you can't get a signed key to someone if
> >> the key you've signed doesn't have any encryption capabilities,
> >> correct?
> > 
> > That's obviously correct. In this case you could give the key owner
> > a piece of paper with a random string and ask him to send it in a
> > signed message to your email address. Then you know that he can use
> > this key for signing messages. Obviously, you can't check the
> > validity of the email addresses belonging to this key (unless he's
> > got an encryption key you can use for checking the addresses).
> Is it really necessary to encrypt the challenge?  If the key has
> encryption capabilities, I would do so, but if it was a sign only key
> and I could not do so, just what sort of attacks or weaknesses are
> there in sending the challenge in the clear?  I've seen David Shaw
> point out that it didn't gain you much.  I'm just trying to work
> through the possible scenarios so I have them clear in my mind before
> trying to present this to a larger group, who may well end up with
> questions on this that I'd like to have better answers for than I do
> now.

There is no harm (and no real benefit either) in sending the challenge
NOT in the clear.  Either way, you're proving the same thing: whether
the email address goes anywhere and whether someone who has access to
the email also has access to the key.


More information about the Gnupg-users mailing list