trust your corporation for keyowner identification?

Wed Oct 23 19:26:58 CEST 2013

"Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
> On 10/22/2013 11:01 AM, Stan Tobias wrote:
> > But this is not a real identification - almost none of us
> > has means to confirm an identity, which is a job for a detective.
[...]
>  As far as the U.S. Marshal was concerned, my identity had been proven
> to a sufficient degree.  He certainly didn't conduct a background check
> on me.

Then by checking your documents he casually confirmed your identity with
some low probability of error (taking some assumptions).  But if I were
him, I wouldn't tell I could _vouch_ for it (your identity, that is;
documents are no proof).

> That phrase, "to a sufficient degree," is important.  You cannot ever
> verify someone's identity 100%, 
[...]
> OpenPGP is completely silent about what level of confidence you should
> have for a certification.  It only says that when you sign a
> certificate, you are making an assertion about identity: that, to a
> level exceeding your threshold of certainty,

(I believe you, but where does it say so?  I couldn't find it in rfc4880.)

> such-and-such an identifier
> is an accurate descriptor for the individual or agency who controls the
> private part of a certificate.

Then I probably should never sign any key.  I'm only certain of what I
can prove, and then I can merely believe my logic didn't have any flaws.

I was triggered by your earlier statement "I am vouching for the identity
of X."  This is one of the points I made: we can only establish a belief
in someone's identity.  What we vouch for is that the person is willing to
use the key (we might call it "identifying the owner", which is not the
same as establishing that X is really X).  That's probably not everything
we vouch for, if you care to read to the end.

Later someone discussed a paradox (they used the word "dichotomy",
but I think it's a wrong word here - maybe they wanted "dissonance"):

Peter Lebbing <peter at digitalbrains.com> wrote:
> The dichotomy is thus: if the notary does not sign keys, I would be okay
> with people signing keys based on the notary's verification efforts. But
> if that same notary did everything he or she did before *and* did
> something extra, namely signing keys, suddenly I'm not okay with people
> signing keys based on the notary's verification efforts. That's odd.

The paradox is removed when we realize that the notary's signature is
not a statement about the identity of the person.  One may assume the
corporation's proper personal identification, but one cannot derive from
the notary's signature the person's willingness to use the key (iow -
ownership of the key).  That is what only that person may communicate
to you (and by making a cert you become a witness to the fact).

I've thought up these similar cases, where the will of the person is
communicated through a signed e-mail:

1. Corporation establishes identity and signs the X's key.  Then, X
   e-mails you "I use key 0xABCDEFGH".  The message is signed with the
   same key.  Can you sign his key?  There's no reason to disbelieve
   the identity (established by the corporation).  The question whether
   to believe the authenticity of the message seems to hinge on the
   truthfulness of the corporation's certification (Have they signed
   the right key?  Are they pulling some joke?).

2. Same as 1., but X's key is also signed by a few of your good friends,
   who have personally checked X's ownership of the key - the probability
   of foul play is infinitesimal.  Would you sign now?

3. Your own cert is involved.  You sign X's key K1.  Then X sends you
   "I also use key K2" signed with K1.  Will you certify K2?

Signing X's key would feel to me a bit like proving a theorem by
assuming it is true, but then I don't see where exactly it would be
wrong to sign in the last case.  It seems that in vouching for the X's
will having been communicated to us, we also want to include the fact
that the communication channel is independent - but of what?

Stan.