MUA "automatically signs keys"?
johannes at zarl.at
Fri Jan 31 15:53:18 CET 2014
On Friday 31 January 2014 01:28:20 MFPA wrote:
> <mid:1703510.WrKrPo3DPU at mani>, Johannes Zarl wrote:
> > If the same email-address is used together with the
> > same key for a long time, it effectively ties the
> > email-address to a person for all practical concerns.
> > After all, you are communicating via email with someone
> > you have never seen.
> Didn't two or three people on this list all use the same key to sign
> messages to this list a few years ago, for quite a while before
> anybody noticed?
If a mail program were to implement this automatic-persona-signature scheme,
that wouldn't prevent this kind of fooling around. But I still think it could
improve the awareness for this sort of thing (beyond the current state as
described in xkcd: https://xkcd.com/1181/)
> > If the initial communication was subject to a
> > MITM-attack, the key would change as soon as the MITM
> > attack stops or gets sidestepped. The quality of this
> > "canary" improves with the number of signatures over an
> > extended time.
> If the MITM attack lasts "an extended time" all the signatures would
> be on the key of the MITM-attacker...
You are right - that's the implicit problem in a system without trust-anchor:
you only ever can prove that a problem occurred, not that everything is fine.
Basically it's a "physical" approach instead of a "mathematical" one: in
mathematics you can prove everything from a few axioms (the trust-anchor). In
physics you can never be certain, but we keep watching the world and whenever
we spot an inconsistency with our model we investigate.
> > In either scenario, you would notice that something was
> > afoul as soon as the key changes and investigate.
> You _might_ notice.
If a mail program implements this (and automatic signing would need explicit
support from the mail program), then it would also implement a notification.
Implementing the auto-signing part without using the information for spotting
problems is like implementing PGP without support for key expiration and
More information about the Gnupg-users