MUA "automatically signs keys"?

Johannes Zarl johannes at
Fri Jan 31 15:53:18 CET 2014

On Friday 31 January 2014 01:28:20 MFPA wrote:
> <mid:1703510.WrKrPo3DPU at mani>, Johannes Zarl wrote:
> > If the same email-address is used together with the
> > same key for a long time, it effectively ties the
> > email-address to a person for all practical concerns.
> > After all, you are communicating via email with someone
> > you have never seen.
> Didn't two or three people on this list all use the same key to sign
> messages to this list a few years ago, for quite a while before
> anybody noticed?

If a mail program were to implement this automatic-persona-signature scheme, 
that wouldn't prevent this kind of fooling around. But I still think it could 
improve the awareness for this sort of thing (beyond the current state as 
described in xkcd:

> > If the initial communication was subject to a
> > MITM-attack, the key would change as soon as the MITM
> > attack stops or gets sidestepped. The quality of this
> > "canary" improves with the number of signatures over an
> > extended time.
> If the MITM attack lasts "an extended time" all the signatures would
> be on the key of the MITM-attacker...

You are right - that's the implicit problem in a system without trust-anchor: 
you only ever can prove that a problem occurred, not that everything is fine.

Basically it's a "physical" approach instead of a "mathematical" one: in 
mathematics you can prove everything from a few axioms (the trust-anchor). In 
physics you can never be certain, but we keep watching the world and whenever 
we spot an inconsistency with our model we investigate.

> > In either scenario, you would notice that something was
> > afoul as soon as the key changes and investigate.
> You _might_ notice.

If a mail program implements this (and automatic signing would need explicit 
support from the mail program), then it would also implement a notification. 
Implementing the auto-signing part without using the information for spotting 
problems is like implementing PGP without support for key expiration and 
revocation ;-)


More information about the Gnupg-users mailing list