trust your corporation for keyowner identification?

Stan Tobias sttob at privatdemail.net
Mon Oct 28 09:51:30 CET 2013


Peter Lebbing <peter at digitalbrains.com> wrote:
> On 24/10/13 01:15, Stan Tobias wrote:
> > No, there's no paradox.  Any liar will screw your parameters.
>
> The paradox was very clear in my post where I still called it a dichotomy. There
> was a paradox in my thoughts and conclusions, why do you suddenly state there is
> no paradox?

Because you said that the presence of notary's cert-sig diminished the
trust in someone else's certificate:

> The dichotomy is thus: if the notary does not sign keys, I would be okay
> with people signing keys based on the notary's verification efforts. But
> if that same notary did everything he or she did before *and* did
> something extra, namely signing keys, suddenly I'm not okay with people
> signing keys based on the notary's verification efforts. That's odd.

I say it does not, because basing one's certification on that of the
notary is not [the same as] basing one's certification on the notary's
verification efforts.

> And my original statement included: the moment I find out people sign keys
> purely based on OpenPGP signatures they trust, they get an "I do NOT trust" in
> my trust database. Obviously you also try to do this for liars,

Someone who bases his certification on someone else's, *is* a liar.
The notary's certification says "X has told me he uses this key".  One
cannot just look at it and honestly state the same without consulting X.

An interesting question is if it is allowable for someone to certify
X's signature (while contacting him personally), but where the personal
verification (X is really X) is performed by the notary, but the said
someone only has seen a signed (normal sig) statement by the notary,
while not having actually contacted the notary.  (In short: ownership
verification in Real World, but personal verification done remotely.)


> >Why do we accept, for
> > example, a conversation by telephone to validate a key fingerprint?
>
> Because these are verifications outside the Web of Trust.

I don't mean to argue against it, but I just don't see it.  Can you
show me, or point me to where it is shown, why recursive reliance on
valid certificates (or in general, signatures, WoT or not), for purpose
of certifications, can lead to undesirable effects?


> > But then cases 2. (2a) and 3. differ basically by your cert being included in
> > the set.
>
> No, the difference is that in case 3., you (hopefully) actually did the
> verification yourself for key K1,

Yes, that's what I've assumed: the WoT is "booted" correctly, in the
real world.

> and you extend this verification you did yourself to key K2.

Yes, but by remote communication.  The reasoning goes like this: The
signature is validated by my certificate (or, in case 2a, by my friends'
whom I trust fully).  The message is authenticated by X's valid signature,
therefore the message has not been tampered with and its author is X.
X says he uses a new key K2.  Because I've got this message from X,
I have verified the ownership of K2, so I can sign it.

What's wrong with this reasoning?  Besides that, I don't see why I should
distinguish my certificate from the ones of my friends, if I trust
them all equally?  My owner verification of K1 was only relevant for
making proper certification; after that it's just another certificate.
(It might be worth considering a case where my friends are nodes of
a distributed machine, which were programmed by myself to trust each
other ultimately.)

[...]
> That's correct, you could be so demanding that you say that you
> insist on seeing the person face-to-face before you signed their key,
> because key K1 could have been stolen and you don't want to make /new/
> certifications based solely on a signed message.

I was rather assuming perfect host security (for simplicity), but
allowed human errors, and, of course, dishonest attackers.  Possibility
of stealing a key means we can no longer trust any communication.
(In particular, case 3 is no longer permissible, because I cannot
be sure it is actually X who is sending me the message).


> > If for some reason you would sign in cases 2a and 3, but not in case 2, X 
> > could trick you: 
[...]
> Sounds to me like you give a good point why you shouldn't sign in case 2a.

Or, if you don't mind 2a, then you shouldn't mind 2 either - essentially
it's a proof they're equivalent.


"Paul R. Ramer" <free10pro at gmail.com> wrote:
> Stan Tobias <sttob at privatdemail.net> wrote:
> >Peter Lebbing <peter at digitalbrains.com> wrote:
> >> On 24/10/13 01:15, Stan Tobias wrote:
> >> > , then why do we believe WoT authenticates anything?  Why do we accept, for
> >> > example, a conversation by telephone to validate a key fingerprint?
> >> Because these are verifications outside the Web of Trust.
> >Is that the only requirement?  Then I have fantastic news for you!

My tongue-in-cheek answer was meant as a reflection over two things: all
crypto systems are essentially equivalent in the sense they offer the same
primitives, and they don't open a different channel for communication.
We build our beliefs either on our own experience, or we trust what
others say.  WoT is just another technical realization of the latter, and
communication authenticated through ClosedGPG did not offer any more
advantages than through OpenPGP.

As to phone conversation, this is just another means of exchanging
information.  In my understanding, a second channel is opened only when we
can recognize someone by voice and we can get additional clues about who
we speak to.  So, for example, calling my bank if I don't know the person
I speak to is no different than sending an e-mail.  

> The idea of using a different channel for confirming key details such as
> a key fingerprint is really a way of trying to avoid a man-in-the-middle
> attack on the verification of the key and its UIDs.  It is not entirely
> foolproof--nothing is.

I don't understand how man-in-the-middle fits here, I was exploring an idea
if a trust (belief) once correctly initiated could later be transferred
purely remotely (electronically), without physical contact.

Documents (e.g. a passport) are just a paper medium of communication (as
in: "Never underestimate the bandwidth of a station wagon full of paper"),
authenticated by some unique features of hand written signature, rubber
stamp, prints on the paper etc.  One thing I cannot grasp is why some seem
to think it's sufficient when I compare the photo, but not when I rely
on electronic signatures.

Stan.


