1994-10-05 - Re: Nom de guerre public key

Header Data

From: franl@centerline.com (Fran Litterio)
To: cypherpunks@toad.com
Message Hash: b524f49f54d402c5753e2782fb1b60de115dafbfb9b297acc9f2e8f8be722d6b
Message ID: <FRANL.94Oct5093142@draco.centerline.com>
Reply To: <FRANL.94Oct2201427@draco.centerline.com>
UTC Datetime: 1994-10-05 13:57:18 UTC
Raw Date: Wed, 5 Oct 94 06:57:18 PDT

Raw message

From: franl@centerline.com (Fran Litterio)
Date: Wed, 5 Oct 94 06:57:18 PDT
To: cypherpunks@toad.com
Subject: Re: Nom de guerre public key
In-Reply-To: <FRANL.94Oct2201427@draco.centerline.com>
Message-ID: <FRANL.94Oct5093142@draco.centerline.com>
MIME-Version: 1.0
Content-Type: text/plain


warlord@mit.edu (Derek Atkins) writes:

> > A signature on your PGP public key is a personal guarantee from the
> > person who signed it that she has first-hand knowledge that the key's
> > userid accurately names the person who physically possesses the key
> > (i.e., the signature validates the binding between userid and person).

> Actually, this is not true.  A signature on a key is a personal
> guarantee from the signer that binds the user-id to the _KEY_, not
> necessarily a person.

That's part of it, but the more important binding created by a
signature is the binding between the userid and the real person.
Without that binding, the binding between the key and the userid is
useless.  This is why photo-identification (i.e., a passport) a
required part of keysigning (unless the signer personally knows the
key's owner).  Sure signatures bind the userid to the key, but what
good is that to third parties if they can't be sure that the userid
accurately names the person who possesses that key?

> For example, in the case of a real
> person, you can send me a message to "warlord@MIT.EDU" and later meet
> me in person, and I can verify that I received the message by
> responding in some appropriate manner.  

When I meet you in person to hand you my key fingerprint, won't you
require me to identify myself in order that you can be sure the name
in the userid of my key is also the name of the person you are
meeting?  If you do, then you will have just validated the binding
between userid and real person.

> But you cannot perform this check for a pseudonymous identity, because
> there is no secure way to prove that that key really belongs to some
> identity.

Which is exactly why I can never sign the key of a pseudonymous
entity.  Because the entity is unwilling to prove to me that there is
a single real person who possesses the private half of his key.

> It is possible to set up a server that
> compares userID to mailID in some secure manner.  For example, there
> were some way to get a secure mail from a user to a server, and the
> server could verify the mail address, and then validate the mail
> address to pgp keyID.
> As an aside, I've written a Kerberos PGP Keysigner -- it uses kerberos
> authentication to validate a user and compares the kerberos identity
> to the userID on the key, and if certain qualifications are met
> between these two names, the server will sign the key.  The assurance
> this key is making is that the owner of this key could authenticate as
> this user to me via kerberos.

I don't like the idea of an automaton possessing or signing PGP keys.
People sign other people's keys because only people have the need to
trust other people.  Automatons don't need to trust and they are not
the direct targets of trust.  This is the objection I had to Phil's
signing of the Betsi public key.  As an automaton, Betsi is only as
trustable as its human authors and adminstrators.  Yet Phil doesn't
know who those people may be in five or ten years.  Yes, people change
over time too, but not as quickly or as radically as an automaton can.
It's too easy to subvert an automaton for me to ever sign an
automaton's PGP key.

Version: 2.6.1

Fran Litterio                   franl@centerline.com (617-498-3255)
CenterLine Software             http://draco.centerline.com:8080/~franl/
Cambridge, MA, USA 02138-1110   PGP public key id: 1270EA1D