From: karn@qualcomm.com (Phil Karn)
Date: Sun, 29 Nov 92 14:04:10 PST
To: edgar@spectrx.Saigon.COM
Subject: Re: Secure key exchange
Message-ID: <9211292203.AA17336@servo>
MIME-Version: 1.0
Content-Type: text/plain


How byzantine!

PGP 2.1 will have a much more convenient facility for verifying public
keys that you receive over the network. If you say "pgp -kvc karn",
for example, it will display the MD-5 hash of karn's public key as 16
hex bytes. If you know the sound of my voice, you can call me on the
phone and have me read off the hash code that I compute here on my key
so you can compare it to the value you computed. If they match, you
can sign my key with reasonable confidence.

About the only way to defeat this system is for the bad guy who feeds
you the bogus key in my name to come to my house and hold a gun to my
head as I receive your phone call.

I would much rather trust a simple verification procedure based on
redundancy and close personal relationships than a single, complex,
impersonal process involving people I don't know. This is not to
impugn your integrity, of course -- I'm simply speaking on principle.

People need to be very selective about the signatures they sign,
otherwise they will become meaningless. I've already had people sign
my public key without any verification that it is legit. This is a
no-no.  I am bothered by the message that PGP currently generates when
it reads in some new public keys asking if you'd like to certify each
new key. Even though the default is "no", it makes it too easy to sign
a key without really verifying its authenticity.

Phil