1995-11-27 - Re: establishing trust

Header Data

From: cme@clark.net
To: Greg_Rose@sydney.sterling.com
Message Hash: b41926fa01e3d7e82c2adcdafc0e5889168d3146774daba417e86d1a8128e11f
Message ID: <199511270516.AAA05126@clark.net>
Reply To: N/A
UTC Datetime: 1995-11-27 06:20:13 UTC
Raw Date: Mon, 27 Nov 1995 14:20:13 +0800

Raw message

From: cme@clark.net
Date: Mon, 27 Nov 1995 14:20:13 +0800
To: Greg_Rose@sydney.sterling.com
Subject: Re: establishing trust
Message-ID: <199511270516.AAA05126@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg,

>Subject: Re: establishing trust 
>Date: Mon, 27 Nov 95 12:20:47 +1000
>
>-----BEGIN PGP SIGNED MESSAGE-----

Did you intentionally not provide the same key that this was signed with?
I added the key you provided, but PGP still couldn't find the right key for
this signature.

>  from the same person.  I even know who they came from:  the person who
>  is capable of signing with key 0xXXXXXXXX.
>
>I hate to point this out, but that isn't true.
>Anyone can create a key with any chosen keyid and
>attach the same publicly known name to it.

Of course -- sloppiness on my part -- trying to minimize my own typing.
Pardon me.  One must use a hash of the key or the key itself to identify it
-- not merely some portion of the modulus -- and the ID field has to be
large enough to rule out a brute force search on the spoofer's part.


The PGP KeyID problem has merely to do with PGP's own access mechanisms.
Successful verification of a signature by some key is linkage enough to
that key.  If multiple messages/files verify by the same key, they are
linked together no matter how the key is identified.  The problem you
identified comes from the fact that PGP doesn't let us know with enough
certainty that the same key was used for two different signatures.

In fact, PGP just tells you the UserID of the key which verified the
signature -- as if that UserID were (a) unique and (b) meaningful.  The
keyID isn't displayed.

For a version of PGP to suit my tastes, the unique UserID would be assigned
by me alone -- and the file of those assignments (called "aliases" in
TIS/MOSS) would be protected under my own signature (or, equivalently,
encrypted under my own conventional key -- the same one protecting my
private keys, perhaps).

 - Carl

 +--------------------------------------------------------------------------+
 |Carl M. Ellison    cme@acm.org    http://www.clark.net/pub/cme            |
 |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
 |  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
 +---------------------------------------------- Jean Ellison (aka Mother) -+





Thread