Questions about generating keys

Robert J. Hansen rjh at sixdemonbag.org
Sat Aug 25 07:06:34 CEST 2007 

Oskar L. wrote:
> That the key is authentic means that it is the key Bob wanted you to have,
> and has not been changed in a man-in-the-middle attack or by any other
> means.

This is not the definition I have seen in use in the field.  In
formalisms, authentication is usually presented as some variety of
inductive reasoning about trust.

> Think of it this way. Let's say you don't trust Google for some reason.
> Then you go to https://mail.google.com, and verify that the SSL
> certificate is correct, so you can be sure your not on a phishing site.
> Would you now claim that the site isn't authentic, just because you don't
> trust Google?

Darn right I wouldn't.

If I had good reason to believe Google was up to something nefarious,
there is nothing in heaven or earth that would cause me to say "yes,
that site is authentic."

Trust is the ultimate dealbreaker.  Always has been, always will be.

Authentication in a nutshell, can be summed up in a single sentence.
Unfortunately, you get two choices in how to finish it.



I believe this thing to be authentic, because...

	* I just do, all right?
	* I note it has something authentic which vouches
	  for it.



Choose one of the two statements.  If you choose the latter, then
continue the chain.  An example follows:

When my friend John Hawley receives a signed email message from me, he
might deem it authentic because it has a valid signature.

Why is the signature authentic?  Because the key which made the
signature is authentic.

Why is the key which made the signature authentic?  Because a signature
on that key is authentic.

Why is that signature authentic?  Because the key which made that
signature is authentic.

Why is the key which made the signature authentic?  Because that's
John's own key.

Why does that make the key authentic?  Because he just does, all right?



... Trust underlies all authentication.  Follow an authentication chain
far enough and you will always, inevitably, reach trust, some level
where the answer is "because I just do, all right?"  At that point
you've reached your inductive case.  Everything starts from there.

But, in the absence of that first trust, authentication fails.  This is
why trust is a necessary precondition for authentication.  Without it,
everything falls apart.

Authentication is, for lack of a better phrase, a formal inference
system for trust.  Think PROLOG with different semantics.

> If you do not trust Bob, you can do gpg --edit-key Bob, then type trust.
> You will be given these options:

Arguing from user interface design, as opposed to first principles, is
something new to me.  In fact, your argument undercuts what you're
trying to argue.  OpenPGP provides such a varied level of trusts
precisely because the calculus of trust is so subtle.

More information about the Gnupg-users mailing list