PGP/MIME considered harmful for mobile

David Shaw dshaw at jabberwocky.com
Thu Mar 3 05:17:06 CET 2011


On Mar 2, 2011, at 10:04 PM, Ben McGinnes wrote:

> On 1/03/11 9:33 AM, David Shaw wrote:
>> 
>> That experiment, while interesting, is not relevant to the "real
>> Martin" / "fake Martin" situation we've been talking about.  If both
>> Real Martin and Fake Martin have the same secret key, then there is
>> no way to tell them apart using signatures.
> 
> Hang on, maybe I got lost in this thread, but I thought they had
> different keys, but "fake Martin" had managed to generate one with the
> same key ID (possibly the same fingerprint) as "real Martin"
> ... right?

The premise (more or less) was that a guy named Martin (RM) was on a mailing list and signed all his mail.  After some time, a new guy (FM) shows up and claims that he is, in fact, Martin.  FM may have his own key or may not have a key at all.  It doesn't matter, because the members of the mailing list can see, by means of RM's signatures, a continuity of communication.  They can tell RM apart from FM, simply because only RM can issue the signatures they've been seeing on his messages.

Now, there are limits to this technique.  They can't tell who is really "Martin" (i.e. they can't bind the name to a real-world person) without some other information, but in the context of Internet communication that frequently doesn't matter.  They can tell which one is the guy they've been talking with for all this time.  Which one is *their* Martin, if you like.

Despite all the noise in the thread, it's nothing terribly odd.  It's just the way nym keys work.

David
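As an added illustration of the continuity argument above (example code written for this archive page; it is neither part of the thread nor GnuPG's own code): a list member pins the key first seen with a display name and, from then on, classifies each new mail as the same signer, a different signer, a forged signature, or unsigned. The signature scheme is a simplified RSA over a SHA-256 digest built on the standard library only, so the example runs offline; it stands in for OpenPGP keys and is not a substitute for them. The names `ListMember`, `Mail`, `run_scenario` and the result labels are assumptions of this example, as is looking keys up by full fingerprint rather than by short key ID (the collision case Ben asks about).

```python
# Added example (not from the thread): "their Martin" is whoever keeps
# producing signatures under the key they first saw with that name.
import hashlib
import math
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int

    def fingerprint(self) -> str:
        """SHA-256 of the modulus; its last 8 hex digits act as a short key ID."""
        raw = self.n.to_bytes((self.n.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).hexdigest()

    def key_id(self) -> str:
        return self.fingerprint()[-8:]


@dataclass(frozen=True)
class PrivateKey:
    pub: PublicKey
    d: int


def keygen(bits: int = 1024) -> PrivateKey:
    """Textbook RSA key pair (demo only: no padding scheme, no key management)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return PrivateKey(PublicKey(p * q, e), pow(e, -1, phi))


def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv: PrivateKey, msg: bytes) -> int:
    return pow(digest(msg), priv.d, priv.pub.n)


def verify(pub: PublicKey, msg: bytes, sig: int) -> bool:
    return pow(sig, pub.e, pub.n) == digest(msg)


@dataclass(frozen=True)
class Mail:
    sender: str                 # display name claimed in the From: header
    body: bytes
    fingerprint: Optional[str]  # key the signature claims to come from
    sig: Optional[int]


class ListMember:
    """What a subscriber can conclude from the signatures seen over time."""

    def __init__(self, keyring: List[PublicKey]):
        self.keyring: Dict[str, PublicKey] = {k.fingerprint(): k for k in keyring}
        self.first_seen: Dict[str, str] = {}   # display name -> pinned fingerprint

    def assess(self, mail: Mail) -> str:
        if mail.sig is None:
            return "unsigned"
        key = self.keyring.get(mail.fingerprint or "")
        if key is None:
            return "unknown key"
        if not verify(key, mail.body, mail.sig):
            return "bad signature"          # header names RM's key, signer lacks it
        pinned = self.first_seen.setdefault(mail.sender, mail.fingerprint)
        if pinned == mail.fingerprint:
            return "continuity"             # same key as every earlier "Martin" mail
        return "different key"              # valid signature, but not their Martin


def run_scenario() -> List[str]:
    """Real Martin (RM) and Fake Martin (FM); constructed sample traffic."""
    rm, fm = keygen(), keygen()
    member = ListMember([rm.pub, fm.pub])   # both keys are public, e.g. from a keyserver

    def mail_from(priv: PrivateKey, body: bytes) -> Mail:
        return Mail("Martin", body, priv.pub.fingerprint(), sign(priv, body))

    return [
        member.assess(mail_from(rm, b"hello list")),                     # pins RM's key
        member.assess(mail_from(rm, b"patch v2")),                       # continuity
        member.assess(mail_from(fm, b"I am Martin")),                    # FM, own key
        member.assess(Mail("Martin", b"I am Martin", rm.pub.fingerprint(), 12345)),  # FM, no key
        member.assess(Mail("Martin", b"I am Martin", None, None)),       # FM, unsigned
        member.assess(mail_from(rm, b"still me")),                       # continuity again
    ]
```

The first "Martin" mail pins a fingerprint to the name, which is the only binding the list ever gets: nothing here ties the name to a real-world person, exactly as the reply says. Whatever FM does afterwards, with his own key, with a header that merely claims RM's fingerprint, or with no signature at all, his mail is never classified as "continuity".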




More information about the Gnupg-users mailing list