basic identity mgmt
Doug Barton
dougb at dougbarton.email
Sun Jan 17 21:00:45 CET 2016
On 1/17/2016 2:17 AM, Peter Lebbing wrote:
> On 17/01/16 03:19, Doug Barton wrote:
>> Further I don't see signing as all that interesting either.
>> [...]
>> We can infer things about these topics from our knowledge/beliefs
>> about the sender, but I can't think of any rational person would go
>> along with a request to "Pay Joe $10,000" just because the message
>> was PGP signed. Forget the validity of the key, that kind of request
>> would require serious OOB authentication.
>
> Just because someone would
> not agree to an outlandish request based on a valid signature, this
> doesn't mean there aren't reasonable requests that are horribly bad.
[after lots of snipping]
Your example is a good one, but again I assert that it would be
overwhelmingly foolish to rely on *just the signature* to indicate that
the request to meet is a legitimate one.
You glossed over the points in my previous messages about the fact that
we cannot know for sure if the person sending the message is actually
who we think it is (i.e., that the legitimate correspondent has not lost
control of the key), and that they are not being coerced, based on the
signature alone. At minimum there should be some sort of "steganography"
based on how the message is constructed, certain words or phrases, etc.
That combined with the signature may be enough to prove the validity of
the message.
But this thread started trying to refute my assertion that keeping
certification keys air-gapped is pointlessly complicated. I haven't seen
a refutation of that premise yet. :)
Doug
More information about the Gnupg-users
mailing list