Signing a key (meaning)

Aaron Toponce aaron.toponce at gmail.com
Thu Apr 7 14:58:24 CEST 2011


On Thu, Apr 07, 2011 at 10:31:24AM +0200, takethebus at gmx.de wrote:
> Definition: Signing a key means saying: "I confirm the full name in
> the key's ID is the keyowner's right name. The email address in the ID
> is the one the keyowner put there, but I cannot guarantee it's
> his/hers.

Yes you can, and that's the whole point. You need to verify that the key
they claim is theirs is actually indeed their key.

> The person I do the fingerprint-check
> with (let's call him Peter Hansen)
> doesn't put his, but Anna's email address (anna at web.com)
> in the key's ID, because he managed to get access to it (attack).
> I don't check the email address, but the Name in
> the ID and sign the key. The ID is now: "Peter Hansen anna at web.com".
> Let's say Marie somehow gets this signed key. There are again two cases:

When verifying that the key belongs to the owner, you should be
establishing identity. This means if you don't know the person, you should
verify the name, fingerprint in the key, and verify some sort of
identification from the owner. So, if Peter Hansen stole Anna's key, it
should be obvious that the name in the key doesn't match the name on the
presented identification.

Further, if Anna set up her key, then her name and email are in the public
key. Signing the key doesn't automatically change her name to "Peter
Hansen", just because Peter has the key, so I'm not exactly sure what
you're saying here.

> Marie wants to send Anna a message.
> Although she recognizes Anna's email address and
> my signature, she will not use the key, because there's
> "Peter Hansen" written in the ID.

No, she won't, which is where I'm confused. Marie will see Anna's name in
the key, not Peter's. Further, the encrypted message will go to Anna's
email account, not Peter's. And, even if Peter did somehow intercept the
encrypted message, if he doesn't have Anna's private key, what good is it?

> Marie wants to send Peter Hansen an encrypted email. Then she will
> use the key and send it to anna at web.de and Peter
> will even receive it, since he has access.

What? How? By sniffing the packets sent between MTAs? If Peter has access
to Anna's mail, then fine. But if he doesn't, his only way to the mail in
transit is to sniff packets or break into Marie's account.

The point of key signing is to build a decentralized web of trust. For
every signature you apply to a public key, you are indeed saying that you
have done careful checking to ensure that the key does in fact belong to
the owner it claims. The more signatures on the key, the stronger this
statement becomes.

Sure, you can't be 110% sure that the owner didn't steal a laptop, create
fake credentials, and steal the identity of the key owner, collecting
signatures. However, the key owner should have been smart enough that when
he/she generated the key, they also generated, and printed, the
revocation certificate, so should his laptop get stolen, he can revoke the
key, publish it to the servers, and start over. And you're a good citizen,
because you refresh your public keyring from the keyservers regularly, and
would have caught the revocation before signing the key.

100% sure? Probably not. 98% sure? Most likely.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
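The checks Aaron describes above (the name on the presented identification against the key's user IDs, the fingerprint compared in person, and a keyserver refresh that surfaces a revocation before you sign), as an added Python example that is not part of this thread. It parses GnuPG's `--with-colons` listing format; the sample listing, key IDs and fingerprints are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output
# (made-up IDs): Anna's key, a revoked copy, and Peter's name on Anna's address.
LISTING = """\
pub:u:4096:1:0011223344556677:1302170000:::u:::scESC::::::23::0:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
uid:u::::1302170000::X1::Anna Example <anna@web.com>::::::::::0:
pub:r:2048:1:1122334455667788:1302170000:::-:::sc::::::23::0:
fpr:::::::::1234567890ABCDEF1234567890ABCDEF12345678:
uid:r::::1302170000::X2::Anna Example <anna@web.com>::::::::::0:
pub:-:2048:1:99AABBCCDDEEFF00:1302170000:::-:::scESC::::::23::0:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1302170000::X3::Peter Hansen <anna@web.com>::::::::::0:
"""

@dataclass
class KeyInfo:
    revoked: bool = False
    fingerprint: str = ""
    uids: list = field(default_factory=list)  # (validity flag, user-id text)

def parse_colon_listing(text):
    """Field 2 = validity ('r' revoked); field 10 = user ID or fingerprint."""
    keys = []
    for f in (line.split(":") for line in text.splitlines()):
        if f[0] == "pub":
            keys.append(KeyInfo(revoked=f[1] == "r"))
        elif f[0] == "fpr" and keys and not keys[-1].fingerprint:
            keys[-1].fingerprint = f[9]  # first fpr after pub is the primary key
        elif f[0] == "uid" and keys:
            keys[-1].uids.append((f[1], f[9]))
    return keys

def signable_uids(key, verified_fpr, verified_name):
    """Return (user IDs safe to certify, problems found). Only a uid whose name
    matches the identification shown is certified; the address proves nothing."""
    problems = []
    if key.revoked:
        problems.append("key is revoked")
    norm = lambda s: re.sub(r"\s+", "", s).upper()
    if norm(key.fingerprint) != norm(verified_fpr):
        problems.append("fingerprint differs from the one checked in person")
    name = lambda uid: re.split(r"\s*[(<]", uid, maxsplit=1)[0].strip()
    matching = [u for v, u in key.uids if v != "r" and name(u) == verified_name]
    if not matching:
        problems.append("no live user ID carries the verified name")
    return ([] if problems else matching), problems
```

Run `gpg --refresh-keys` before producing the listing so a published revocation is reflected in the validity field; the returned user IDs are the ones to select when certifying with `gpg --sign-key`.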