Signing a key (meaning)

Kevin Lists.gnupg at mephisto.fastmail.net
Thu Apr 7 15:49:31 CEST 2011


On Thu, Apr 07, 2011 at 10:31:24AM +0200 thus spoke takethebus at gmx.de:
>Hi everybody out there,
>
>I put some thoughts on the meaning of signing a key and came to an
>unusual definition. Maybe someone likes to discuss it with me, since
>I'm not quite sure whether I should recommend others to interpret
>signing that way.
>
>Definition: Signing a key means saying: "I confirm the full name in
>the key's ID is the keyowner's right name. The email address in the ID
>is the one the keyowner put there, but I cannot guarantee it's
>his/hers.

I think you will have a hard time getting a consensus on what exactly
key signing means. To everyone, due diligence means something a little
different. E.g. for my purposes, it is generally sufficient that
I know the person whose key I sign is the one with whom I wish to
communicate. It makes no difference to me what name they go by, provided
it is the one I know them by. That is to say, if my friend, Robby
Parkfield, whom I have known for ten years, has actually been using an
alias all that time, I don't particularly care. It is enough _for my
purposes_ that I know him as Robby Parkfield, and that he is in
control of the key I sign. What other, arbitrary collection of symbols
some government has assigned to the entity I know by an alternative,
arbitrary collection of symbols, "Robby Parkfield", is of no importance
to me. But this also presupposes that I don't especially care who else
uses my signature, or for what purposes, outside my particular circle of
friends and associates (my local web of trust), all of whom presumably
know the entity in question as Robby Parkfield.

>Here are the reasons why I think this definition is handy:
>
>
>1. Assumption: Only the keyowner possesses the private key.

Why make that assumption? And even if the key is in the sole possession
of the keyowner at the time you sign it, does your signature guarantee
that the signed key will never be compromised at any time in the future?
If not, then I don't see how the assumption is valid.

>2. Assumption: The person I do the fingerprint-check with wants to
>receive a message from me.

What if you have little intention of corresponding directly with said
person? Might exchanging signed keys with him/her nevertheless be of
value in fortifying a web of trust?

>
>1. Assumption and 2. Assumption =>
>1. Conclusion: The person I do the fingerprint-check with sends me
>her/his own public key.
>
>1. Assumption and 2. Assumption =>
>2. Conclusion: The person I do the fingerprint-check with put an email
>address in the public key's ID to which she/he has access. (we know
>that without taking a look at the email address AT ALL.)

I do not follow your reasoning here. How do we know that the keyholder
has access to the email address in the key without looking at it at all
(does sending email to the address in question qualify as "looking at
it")?

>
>3. Conclusion: If signing a key has the meaning as stated above, no
>information will be revealed to persons, who were not intended as
>recipient.

As recipient of what? The signed key? An encrypted message? As has been
discussed previously on this list, among other places, even the act of
signing a key can reveal _some_ information. If nothing else, it
establishes that you have some kind of relationship with the owner of
the key you signed. It may establish that you and he/she were in a
specific place at a specific time (e.g. a keysigning party), etc. The
words "no information" must be used with great care, because information
leaks out of every pore in even the best crypto-systems. Whether that
information is valuable or useful in some way, to a third party, is
another matter.

>
>"3. Conclusion" is true, because there are only two possible cases:
>
>1. Case:
>The person I do the fingerprint-check
>with puts his/her RIGHT email address in the key's ID.
>I don't check the email address, but the Name in
>the ID and sign the key.
>--> No problems.

I'm not sure one can smugly declare that there are "no problems" with
signing a key without doing any verification of the email address(es)
contained therein. The email addresses are a substantial part of the
User ID, and if you fail to verify them AT ALL, should you really be
signing the key? This brings us back to my first paragraph: key signing
can mean different things to different people. Perhaps it is enough for
_your purposes_ to ignore the validity of the email addresses, just as I
don't particularly care about government issued forms of ID. However, it
is important to consider whether anyone else may someday view your
signature on the key, and what they might reasonably infer from it.

>
>2. Case:
>The person I do the fingerprint-check
>with (let's call him Peter Hansen)
>doesn't put his, but Anna's email address (anna at web.com)
>in the key's ID, because he managed to get access to it (attack).
>I don't check the email address, but the Name in
>the ID and sign the key. The ID is now: "Peter Hansen anna at web.com".
>Let's say Marie somehow gets this signed key. There are again two cases:
>
>2.1 Case:
>Marie wants to send Anna a message.
>Although she recognizes Anna's email address and
>my signature, she will not use the key, because there's
>"Peter Hansen" written in the ID.
>--> No problem.
>
>2.2 Case
>Marie wants to send Peter Hansen an encrypted email. Then she will
>use the key and send it to anna at web.com and Peter
>will even receive it, since he has access.
>--> No real problem.
>

I'll add:
2.3 Case: 
Marie wants to send Anna a message. Marie uses an email program, with
GnuPG integration, which automatically selects an encryption key based
on the email address entered into a composed message. Because you have
signed the key which has User ID "Peter Hansen <anna at web.com>", and
depending on Marie's trust settings, the message may be encrypted and
sent to that email address, with no further alerts. Peter reads the
message intended for Anna.

In the hypothetical case I present, it is perhaps Marie's fault for not
being more diligent in examining the keys she uses, but I think it is
plausible that a "normal user" might rely on software to automate a task
like that, without paying close attention to what's really going on.

However, verifying "ownership" of an email address, vs. simply "access"
is a tricky task, and probably not feasible in all instances. So I'm not
sure how you, as the key signer, could defend against such an attack.

-- 
"Le hasard favorise l'esprit préparé."
                       --Louis Pasteur
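The automatic key selection in case 2.3 of the reply above, modelled as an
added example. This is not code from the original post and not GnuPG's
code: the keyring (Kevin, Peter Hansen, anna@web.com) is constructed from
the discussion, Marie's ownertrust settings are an assumption, and the
validity rule is a simplified form of the classic PGP trust model (one
fully trusted certifier, or three marginally trusted ones, validates a
User ID), not a transcript of what GnuPG actually computes.

```python
"""
Model of the key-selection step behind case 2.3: a mail client matches the
recipient address against the User IDs on the keyring and encrypts to any
matching key that the web of trust rates as valid.

Added example, not GnuPG's code and not code from the original post.  The
keyring is constructed from the discussion; Marie's ownertrust and the
validity rule (simplified classic trust model) are assumptions.
"""
from dataclasses import dataclass

FULL, MARGINAL = "full", "marginal"


@dataclass
class UserID:
    name: str
    email: str
    signers: list  # key ids that have certified (signed) this User ID


@dataclass
class Key:
    keyid: str
    uids: list


# Assumption: Marie has assigned full ownertrust to Kevin's key.
MARIE_OWNERTRUST = {"KEVIN": FULL}

# Constructed keyring: Kevin's key, and Peter's key carrying Anna's address,
# certified by Kevin after a fingerprint check that ignored the address.
KEYRING = [
    Key("KEVIN", [UserID("Kevin", "kevin@example.org", ["KEVIN"])]),
    Key("PETER", [UserID("Peter Hansen", "anna@web.com", ["PETER", "KEVIN"])]),
]


def uid_is_valid(uid, ownertrust, full_needed=1, marginal_needed=3):
    """Simplified classic trust model: a User ID is valid when enough of its
    certifying signatures come from keys the user has assigned ownertrust to.
    A self-signature counts only if the user trusts that key itself."""
    fulls = sum(1 for s in uid.signers if ownertrust.get(s) == FULL)
    marginals = sum(1 for s in uid.signers if ownertrust.get(s) == MARGINAL)
    return fulls >= full_needed or marginals >= marginal_needed


def select_by_address(keyring, address, ownertrust):
    """What an auto-selecting client does: every valid User ID whose address
    equals the recipient address, whatever name stands next to it."""
    return [k.keyid
            for k in keyring
            for u in k.uids
            if u.email.lower() == address.lower() and uid_is_valid(u, ownertrust)]


def select_by_name_and_address(keyring, name, address, ownertrust):
    """Stricter selection: the name the sender knows the recipient by must
    also match the User ID.  This is the check Marie does by hand in case
    2.1 and the client skips in case 2.3."""
    return [k.keyid
            for k in keyring
            for u in k.uids
            if u.email.lower() == address.lower()
            and u.name.casefold() == name.casefold()
            and uid_is_valid(u, ownertrust)]


if __name__ == "__main__":
    # Case 2.3: Marie writes to anna@web.com; the client picks Peter's key.
    print("by address only:", select_by_address(KEYRING, "anna@web.com", MARIE_OWNERTRUST))
    # Same message, but the client also checks the name Marie knows Anna by.
    print("name + address: ", select_by_name_and_address(KEYRING, "Anna", "anna@web.com", MARIE_OWNERTRUST))
    # Without Kevin's certification being trusted there is no valid key for
    # the address, and the client has to ask instead of encrypting silently.
    print("Kevin untrusted:", select_by_address(KEYRING, "anna@web.com", {}))
```

The point the model makes is that Kevin's certification is what turns an
address-only match into a silent encryption to Peter: with Kevin's key
untrusted (or only marginally trusted, so that one signature is not enough)
the same lookup returns nothing. The thresholds mirror GnuPG's
--completes-needed and --marginals-needed options, but the rest of the
client behaviour is the assumption stated in the lead-in.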