MUA "automatically signs keys"?

Johannes Zarl johannes at
Thu Jan 30 23:03:53 CET 2014

[resent, this time to the mailing list]

On Thursday 30 January 2014 21:09:45 MFPA wrote:
> <mid:20140130005844.1f0f5b54 at steves-laptop>, Steve Jones wrote:
> > The advantage you have here though is the web of trust.
> > 1 level 1 signature would probably be not enough, but
> > 5, 10, 100..?
> If the signatures are made automatically by email software without
> verifying identity, where is the web of trust? Lots of such signatures
> would tie the key to the email address but not to a person.

If the same email-address is used together with the same key for a long time, 
it effectively ties the email-address to a person for all practical concerns. 
After all, you are communicating via email with someone you have never seen. 
Otherwise, you would have exchanged keys in person.

Just take this list: I don't give a damn whether Werner Koch is the real name 
of that guy working on that awesome piece of software. I do care about that 
awesome piece of software being signed by the same Werner Koch as last year.

If I needed to clarify a legal issue pertaining to the German citizen Werner 
K., I would prefer a key that I can link to a government-issued id.

> Email addresses, just like phone numbers, may be re-used by a different
> person today than the one who used them last year.

If someone else hijacks (maliciously or not) the email address without also 
infiltrating that person's PC and stealing the secret key, then the key would 

If the initial communication was subject to a MITM-attack, the key would 
change as soon as the MITM attack stops or gets sidestepped. The quality of 
this "canary" improves with the number of signatures over an extended time.

In either scenario, you would notice that something was afoot as soon as the 
key changes and investigate.

The result is not perfect glorious privacy, just pretty good for the 
average(tm) user.
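The key-continuity "canary" described in the message above, worked through as an added example; this is not code from GnuPG or from anyone on this thread. It keeps a per-address history of which key signed mail from that address, flags a change of key as a conflict, and rates the strength of the current binding by both the number of signed messages seen and the time span they cover, which is the property the message argues for. The addresses, fingerprints and the confidence thresholds are constructed for illustration and not taken from any standard.

```python
"""Key-continuity tracking for email senders (trust on first use style).

Added example, not code from the GnuPG project or from anyone on the
thread. Every address, fingerprint and threshold below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Binding:
    """One (sender address -> key fingerprint) association and its history."""
    fingerprint: str
    first_seen: datetime
    last_seen: datetime
    observations: int = 1

    @property
    def span_days(self) -> int:
        """Number of days between the first and the latest signed message."""
        return (self.last_seen - self.first_seen).days


class KeyContinuityStore:
    """Remembers which key each address has signed with and flags changes."""

    def __init__(self) -> None:
        # address -> bindings in chronological order; the last one is current
        self._history: Dict[str, List[Binding]] = {}

    def observe(self, address: str, fingerprint: str, when: datetime) -> str:
        """Record one message from `address` carrying a good signature by
        `fingerprint`. Returns 'new', 'known' or 'conflict'."""
        history = self._history.setdefault(address, [])
        if not history:
            history.append(Binding(fingerprint, when, when))
            return "new"
        current = history[-1]
        if current.fingerprint == fingerprint:
            current.observations += 1
            current.last_seen = max(current.last_seen, when)
            return "known"
        # A different key for an address with a history: the canary trips.
        # The old binding is kept so the reader can judge how strong it was.
        history.append(Binding(fingerprint, when, when))
        return "conflict"

    def confidence(self, address: str) -> str:
        """Strength of the current binding, from count *and* time span.
        Thresholds are assumed values chosen for this example."""
        history = self._history.get(address)
        if not history:
            return "unknown"
        b = history[-1]
        if b.observations >= 10 and b.span_days >= 90:
            return "good"
        if b.observations >= 3 and b.span_days >= 7:
            return "basic"
        return "little"

    def previous_binding(self, address: str) -> Optional[Binding]:
        """The binding displaced by the latest key change, if there was one."""
        history = self._history.get(address, [])
        return history[-2] if len(history) >= 2 else None


def demo() -> dict:
    """Constructed scenario: a year of mail with one key, then a new key."""
    store = KeyContinuityStore()
    t0 = datetime(2014, 1, 1)
    alice = "alice at example.org"          # constructed address
    # Twelve signed mails, ten days apart, all by the same (constructed) key
    for i in range(12):
        store.observe(alice, "FPR-AAAA", t0 + timedelta(days=10 * i))
    before = store.confidence(alice)        # "good": many mails, long span
    # A message signed by a different key: conflict, regardless of reason
    verdict = store.observe(alice, "FPR-BBBB", t0 + timedelta(days=130))
    after = store.confidence(alice)         # "little": new key, one message
    prev = store.previous_binding(alice)
    return {
        "before": before,
        "verdict": verdict,
        "after": after,
        "previous_observations": prev.observations if prev else 0,
    }


if __name__ == "__main__":
    print(demo())
```

The displaced binding is kept on purpose: when the conflict fires, the strength of the old binding is what tells the reader whether the earlier key or the new one is the suspicious one, which is the distinction the message draws between a hijacked address and a man in the middle that has gone away.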


More information about the Gnupg-users mailing list