From: wcs@anchor.ho.att.com
Date: Sun, 11 Jul 93 23:24:44 PDT
To: mdiehl@triton.unm.edu
Subject: Re:  Radical Paranoia?
Message-ID: <9307120625.AA13929@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


Email is *not* enough.  Easily forged, easily intercepted, not secure.
This mail could be coming from me, it could be coming from the NSA,
it could be my cat jumping on my keyboard's function keys triggering
emacs form-letter-mode.  No way to tell.  Cat already dumped my password and
modem dialcodes into this mail message, and he's still pretty young :-)

Building and maintaining a web of trust means we're all responsible for
signing keys carefully, and making sure people know how careful our 
signatures are.  Read through the READMEs a couple more times until
you really understand the procedures!  

My view is that you should only sign a key if you really *know* that the
person whose key your signing is that person and you've verified with them
that you've got the right key.  If somebody *you recognize* hands you 
their key, fine - I recognize about 10 or so well-known cypherpunks that
I could do this with (plus other people who might be interested but
aren't verbose contributors here :-)  On the other hand, if Vesselin
Bontchev asked me to sign his key, I wouldn't do it, because I don't
know him by sight, unless somebody I know knows him personally introduced us.
If somebody you know by *voice* wants you to sign their key,
you'd better at least have a voice telephone call with them where you
read key fingerprints over the phone.  This is how I had Phil sign my key,
and there are 3-4 others here I could probably do this with if I wanted.

When you're adding people to your PGP keyring, pgp asks you how well
you trust people to sign keys.  You can trust me to do that much for
identifying people, but on the other hand I've got a diskless workstation
as the only thing I have that can do PGP until I get it on my wife's laptop,
so you can't trust that my keyring hasn't been hacked -- that's why
my pgp userid says "multiuser" in it. I really won't feel comfortable
signing keys until I've got a secure system and we've got an RSAREF
implementation that makes use of RSA kosher.

If you're likely to sign keys for people you don't really know well,
such as giving out starter PGP floppies at a trade show or rave or something,
I suppose you could generate a separate key/userid that says it's not 
very secure, signed by your regular key,
but do try to at least check easily-forged ID like driver's licenses
for people you don't know, and encourage them to generate real keys
and get them signed by people that *they* really know.  It's not ideal;
do people feel that's acceptable to get people initial connections?

				Bill 
# Bill Stewart    wcs@anchor.ho.att.com  +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ  07733-3030