From: Carl Ellison <cme@TIS.COM>
To: raph@c2.org
Message Hash: 518b51b67b65d6881297357f237eff95f884f399fe9bb20af5c28c20288b2f21
Message ID: <9511282030.AA04051@tis.com>
Reply To: <Pine.SUN.3.91.951128113331.17420A@infinity.c2.org>
UTC Datetime: 1995-11-28 21:05:36 UTC
Raw Date: Wed, 29 Nov 1995 05:05:36 +0800
From: Carl Ellison <cme@TIS.COM>
Date: Wed, 29 Nov 1995 05:05:36 +0800
To: raph@c2.org
Subject: Re: The future will be easy to use
In-Reply-To: <Pine.SUN.3.91.951128113331.17420A@infinity.c2.org>
Message-ID: <9511282030.AA04051@tis.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>Date: Tue, 28 Nov 1995 11:43:34 -0800 (PST)
>From: Raph Levien <raph@c2.org>
>> It would acquire a meaning by being associated with some message or set of
>> messages:
>>
>> a) an attribute testimony (signed by someone with known authority to
>> specify such an attribute -- the equivalent of a certificate)
>
>This is the induction case, not the base case. It assumes that you've
>already got a bunch of trusted public keys in your database. It also
>assumes the willingness of the ownsers of those public keys to sign new
>keys. See, now they've got the same problem of trying to determine
>whether the key is valid. Turtles all the way down.
Of course. This isn't the base case. We would have some keys which I sign
based on my own personal knowledge; things handed to me by people I know;
some possibly published in the paper where the real key owner would see the
claim and be able to contest it. PGP today comes shipped with some keys to
provide the base for a chain of key signatures, but there's no verification
of PRZ's or JIS's keys. One has to prime the mesh somehow.
I personally prime it by having some keys (or fingerprints) exchanged face
to face with people I know -- and having others acquired by association
with signed messages (b). I don't have any yet whose trust has been
acquired by attribution (a), since we don't have that machinery set up yet.
BTW -- PGP currently lacks a way for me to note, when I sign a key, how it
is that I trust that key (by personal meeting, by attribution, by message
association, ...). A signed attribute record would let me record that
information for myself as well as for others.
>> b) a set of messages signed by the key in question (tying the key to
>> the source material from which the user formed his/her impression
>> of the sender)
>
>There being no reason, of course, why Mallet couldn't just sign all that
>stuff with his own signature. Here, you're relying on the ability of data
>to authenticate itself.
Here I'm talking about people I "meet" and "get to know" based strictly on
my own e-mail conversations with them. For such people, there is no other
evidence. If it weren't for those messages, these people effectively
wouldn't exist in my world. These messages define the people in question.
Stated another way: I want to communicate with Alice. I don't want to
communicate with Bob. I've never met Alice but I have an address for her
and a public key.
Alice --- Bob --- Carl
shows Bob as an active eavesdropper, controlling all of Alice's channels,
blocking release of her real key, announcing a key he controls under her
name to the rest of the world. By contrast,
Alice --- Bob --- Carl
shows Bob as Alice's secretary, who has been given the job, by Alice, of
reading all Alice's mail, choosing which to pass along to her and answering
all the others. Alice has generated a key for herself and has given the
private key to Bob so that he can sign for her and read all her mail.
Alice could even have that key certified as hers within some massive X.509
hierarchy -- doing that before she gave the private key to Bob.
I know of no crypto protocol which will distinguish one from the other
unless I have a private channel to Alice at some time -- but that
contradicts the original assumption that I've never met her.
In both cases, the person I think of as Alice is really
(Alice --- Bob) ---
and that's the "person" I learn to trust or not to trust. That's the
"person" for whom I attach an alias to the public key.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@tis.com http://www.clark.net/pub/cme |
|Trusted Information Systems, Inc. http://www.tis.com/ |
|3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 |
+--------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMLtxOlQXJENzYr45AQFw4gP/es2salfOBrsPW3X1d+NnsBTThKJSkTYP
yCp7YZ9iIgBXnV/rQ3TcZg2Gbts/QwpUrqN7fQQ+tNazMxqomd3+Iz+5HPTU2jc7
5rW8p/dyq1vKGDgy+M4ohTLE9XXVJLJo3AwpUJeAhqd/SAUiJPTpdgggotnXfAeF
wWovhe3nq+U=
=jpzx
-----END PGP SIGNATURE-----
Return to November 1995
Return to “Raph Levien <raph@c2.org>”