From: Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu>
To: patl@lcs.mit.edu
Message Hash: 8f925cb84ea19c78c9ef6c4d035ac94fda06c0babffdedd4e32a1323305ee4b4
Message ID: <199508230500.XAA23861@nagina.cs.colorado.edu>
Reply To: <199508222317.TAA09558@eiffel.lcs.mit.edu>
UTC Datetime: 1995-08-23 05:00:40 UTC
Raw Date: Tue, 22 Aug 95 22:00:40 PDT
From: Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu>
Date: Tue, 22 Aug 95 22:00:40 PDT
To: patl@lcs.mit.edu
Subject: Re: True Names and Webs of Trust
In-Reply-To: <199508222317.TAA09558@eiffel.lcs.mit.edu>
Message-ID: <199508230500.XAA23861@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
patl> Zimmermann clearly understood all of this, but I don't think he
patl> documented it properly. In my opinion, everyone should always
patl> think in terms of man-in-the-middle attacks when signing a public
patl> key. Mandating "True Names" is just an overconservative approach
patl> suitable for people who don't fully understand the issue.
wilcoxb> My point exactly. My post "Stop Fixating on True Names" was
wilcoxb> an attempt to clarify things to said people.
patl> Then you didn't clarify very well; to wit:
wilcoxb> Okay now does anyone want to do any of the above two things
wilcoxb> to me? If not then *don't* *worry* about whether my public
wilcoxb> key is signed by anyone or not. It makes zero difference to
wilcoxb> you until such a time as one of the above motivations
wilcoxb> acquires.
You are quite right that this paragraph was unclear. I meant "don't worry
about whether my public key is signed where signing means certifying the
mapping between my key and my physical identity.", not "don't worry about
whether my public key is signed where signing means certifying the mapping
between my key and a perceived identity of mine.".
It is unfortunate that a PGP key-signature has such ambiguous semantics, but
again it is my fault for being unclear above.
wilcoxb> Zimmermann et al. were/are naive to emphasize the Web of
wilcoxb> Trust as a means of introducing strangers.
patl> The first paragraph clarifies nothing because it is dead wrong; the
patl> second because it is arrogant, offensive, and dead wrong.
Pshaw. I think it's funny when people gasp in horror if you say something
disrespectful of Saint Phil.
Here, I'll say it again: Zimmermann was naive to emphasize the Web of
Trust as only legitimate for public key<->Real-Life-identity mappings. In
the future such mappings will be rare, while the Web of Trust will be used
extensively for public key<->virtual-identity mappings.
(The alert observer will notice that I changed some things between the first
and second invocations of the Disrespectful Assertion. This is because when
I wrote the first version I was still confused about the ambiguity between
"Web of Trust as set of key<->Real-Life-identity mappings" and "Web of Trust
as set of key<->identity mappings".)
patl> Given that active attacks are hard to explain and understand fully,
I'll say! I'm having a very hard time understanding all of this clearly.
patl> the PGP docs are correct to advocate a conservative approach to
patl> signing keys. Novices *should* be taught to take the Web of Trust
patl> seriously. (Yes, I am retracting my own statements quoted above; the
patl> more I think about it, the more I think it is very hard to teach a
patl> novice the details of active attacks.)
Be that as it may, I still think that Zimmermann assumed that
key<->real-life-identity mappings would be the primary purpose for the Web
of Trust when he wrote "pgpdoc1.txt". And I think he was wrong about that.
It is not "arrogant" or "offensive" to say that someone was wrong when you
believe that to be the case.
patl> Moreover, I suspect that active attacks are more likely today than
patl> when those docs were written, which makes their advice precisely the
patl> opposite of an "anachronism".
Furthermore, Phil's advice to only sign keys which you have physically
verified actually makes it easier for an attacker to get In-The-Middle-Of you
and me. This is because there is no Web of physically-verified keysigs
between you and me. If Phil had recommended treating public keys as being
equivalent to net.personas, and verifying them as such, (or better yet, had
provided a certificate mechanism to do so in *addition* to the current
certificates) then there would be a Web of non-physically-verified keys
between you and me, which would be much harder for an attacker to subvert.
Since you and I do not share any such Web, we are not any better off than if
we were using symmetric-key cryptography, as far as privacy goes!
(Authentication is of course another matter.)
Ah, the irony. By insisting on maximally-strong links between each node in
the Web, you generate a much weaker Web than if you allowed weaker individual
links in greater quantity.
Thank you for your correspondance, Patrick and others. I look forward to
more constructive interaction.
Bryce
signatures follow:
+
public key on keyservers /. island Life in a chaos sea
or via finger 0x617c6db9 / bryce.wilcox@colorado.edu
---*
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta
iQCVAwUBMDq0kfWZSllhfG25AQERJAQAglcIqszrEeWmrbL1E/SxpdRK+3B8zKC9
g7H6fd6T6D8BnYv6u4wmlU+F8fyFT0V6cVa5BZ6Defmc6phvYD9wKyleuaYjRaOP
tVd8tITqpoIkmpK1+skCiV5CUl5eseKQJUlUa2LX4J8Lh9J6t9ZRm6p72ocJ88JL
hnOknxRHz/M=
=Pes4
-----END PGP SIGNATURE-----
Return to August 1995
Return to “tcmay@got.net (Timothy C. May)”