trust your corporation for keyowner identification?

Peter Lebbing peter at digitalbrains.com
Wed Oct 23 20:52:42 CEST 2013


On 23/10/13 19:26, Stan Tobias wrote:
> Later someone discussed a paradox (they used the word "dichotomy",
> but I think it's a wrong word here - maybe they wanted "dissonance"):

Paradox would be the best and is what I should have used. Not dissonance.

> The paradox is removed when we realize that the notary's signature is
> not a statement about the identity of the person.

I strongly disagree. The paradox is created by the fact that you screw up my Web
of Trust parameters by signing stuff based on other people's OpenPGP signatures.

> One may assume the
> corporation's proper personal identification, but one cannot derive from
> the notary's signature the person's willingness to use the key (iow -
> ownership of the key).

I don't see how willingness is ownership in other words. The concepts seem
rather dichotomous, oh sorry, disjoint to me :).

But since I wouldn't sign a key where the owner didn't give me the Key ID
themselves, it would indicate willingness. Even stronger, it wouldn't even
indicate ownership: they could have given me the Key ID of a key where somebody
else, the real owner of the key, made a User ID with their name in it. I can't
verify ownership: even if I see them making a signature right before my eyes,
they could secretly be talking to an automated service somewhere that actually
makes the signatures, and they might not have access to the key at all. I
wouldn't go so far as to stick them in a Faraday's cage to ensure they can't
communicate with the real owner of the key.

> I've thought up these similar cases, where the will of the person is
> communicated through a signed e-mail:
> 
> 1. Corporation establishes identity and signs the X's key.  Then, X
>    e-mails you "I use key 0xABCDEFGH".  The message is signed with the
>    same key.  Can you sign his key?  There's no reason to disbelieve
>    the identity (established by the corporation).  The question whether
>    to believe the authenticity of the message seems to hinge on the
>    truthfulness of the corporation's certification (Have they signed
>    the right key?  Are they pulling some joke?).
> 
> 2. Same as 1., but X's key is also signed by a few of your good friends,
>    who have personally checked X's ownership of the key - the probability
>    of foul play is infinitesimal.  Would you sign now?
> 
> 3. Your own cert is involved.  You sign X's key K1.  Then X sends you
>    "I also use key K2" signed with K1.  Will you certify K2?

Only 3. would perhaps qualify for a signature, in my opinion. The other 2 are
food for your trust database or perhaps local signatures, not for exportable
signatures.

I should add that signing a message that says "I use 0xABCDEFGH" with that same
key is a bit silly. (By the way, hex goes to F ;P). You use OpenPGP signatures
to add authentication to messages that can be forged otherwise. Those signatures
are only credible if you have verified that you have the correct key of that
person. It's not the other way around: the signature does not prove it's the
correct key, since the message could have been forged. You need a secure channel
to establish that it's the correct key, such as a face-to-face meeting. Or you
need to trust the corporation's signing key, but that belongs in your trust
database, not your exportable signatures.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
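An added illustration, not part of this thread or of GnuPG itself: a small Python model of the classic GnuPG trust computation (constructed names, simplified rules) showing why a local signature (`--lsign-key`) or an ownertrust setting stays in Peter's own trust database, while an exportable signature made on the corporation's say-so changes what a third party, Alice, computes even though she never chose to trust the corporation.

```python
from dataclasses import dataclass, field

MARGINALS_NEEDED = 3   # GnuPG defaults for the classic trust model
COMPLETES_NEEDED = 1


@dataclass
class View:
    """One person's trust database: their own (ultimately trusted) key,
    the ownertrust they assigned to other keys, and their local signatures."""
    me: str
    ownertrust: dict = field(default_factory=dict)   # key -> 'full' | 'marginal'
    lsigs: set = field(default_factory=set)          # keys signed with --lsign-key


def validity(view, target, certs, seen=frozenset()):
    """Validity ('full', 'marginal', 'unknown') of `target` as computed by
    `view`. `certs` maps key -> set of exportable certifiers (simplified model)."""
    if target == view.me:
        return 'full'
    if target in seen:
        return 'unknown'          # guard against certification cycles
    seen = seen | {target}
    signers = set(certs.get(target, set()))
    if target in view.lsigs:
        signers.add(view.me)      # a local signature counts only for its maker
    full = marginal = 0
    for signer in signers:
        if validity(view, signer, certs, seen) != 'full':
            continue              # a certifier's own key must be valid first
        level = 'ultimate' if signer == view.me else view.ownertrust.get(signer)
        if level in ('ultimate', 'full'):
            full += 1
        elif level == 'marginal':
            marginal += 1
    if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
        return 'full'
    return 'marginal' if (full or marginal) else 'unknown'


def scenarios():
    # Constructed keyring: the corporation certified X's key; Alice certified
    # Peter's key after verifying it in person. Alice never trusted the corp.
    certs = {'x': {'corp'}, 'peter': {'alice'}}
    peter = View('peter', ownertrust={'corp': 'full'}, lsigs={'corp'})
    alice = View('alice', ownertrust={'peter': 'full'})
    out = {'peter_trusts_corp': validity(peter, 'x', certs)}
    peter.lsigs.add('x')          # Peter's belief as a local signature: his keyring only
    out['alice_after_lsign'] = validity(alice, 'x', certs)
    certs['x'].add('peter')       # Peter instead exports a signature on X
    out['alice_after_exportable_sign'] = validity(alice, 'x', certs)
    return out
```

The exportable signature makes X's key fully valid for Alice purely on the strength of the corporation's certification, which is the parameter change the message above objects to.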