1996-05-08 - Re: Senator Leahy’s Public Key

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: “msmith” <msmith@rebound.slc.unisys.com>
Message Hash: 854ed16a06cb0f32093439d7fc00c5c88e2dce4191a69b64153b86bf4c8cea6e
Message ID: <9605081459.AA20668@bart-savagewood.MIT.EDU>
Reply To: <199605071951.TAA14244@rebound.slc.unisys.com>
UTC Datetime: 1996-05-08 22:00:59 UTC
Raw Date: Thu, 9 May 1996 06:00:59 +0800

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 9 May 1996 06:00:59 +0800
To: "msmith" <msmith@rebound.slc.unisys.com>
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <199605071951.TAA14244@rebound.slc.unisys.com>
Message-ID: <9605081459.AA20668@bart-savagewood.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Actually, I've been thinking about this, and how do we *really* know that
> *anyone's* keys are actually theirs?  I'm new to this list and have been 
> collecting some of the keys from people who post with PGP signatures, but 
> even at that, I never certify them myself because I am not 100% absolutely
> certain that the key in question belongs to that person.  After all, what
> if some clever hacker dropped in and replaced someone's .plan file, or 
> edited their index.html file?  There's no real way to be absolutely 
> certain.

This is exactly what the web of trust is about.  The fact is that you
can't trust the Keyservers (they were never designed to be trusted);
you can't trust .plan files; you can't trust index.html files.
However you can trust signatures made by trusted keys.  That is why
the web of trust works.

For example, I've met in person with a lot of people and we've signed
each others' keys.  We've used various methods to "prove" identity.
Sometimes it's been a long time of personal interactions (close
friends).  Sometimes it's been a number of certifying documents, IDs,
etc.  Sometimes it's been a piece of knowledge that I know the other
has but no one else has.

The point is that once I'm attached to the web of trust I have a means
to verify other keys.  I can set up a CA that way (MIT has one) --
there is a keysigner that will use out-of-band means to verify the
identity of a user and then use that to sign a PGP key in that
person's name.

> How certain are we that the keyservers are 100% bulletproof?  Hell, I 
> could call Joe Schmoe up and say "tell me your fingerprint", but how do I 
> *really* know I'm talking to Joe unless I knew him before getting his 
> signature?  

As I said already, the keyservers are not bulletproof.  In fact, they
were never designed to be trusted.  They were designed to be an
untrusted key distribution system.  The end-user is still supposed to
verify the signatures on the keys received from the keyserver.

As for calling up Joe Schmoe, how did you get his number?  Did you
look it up in a phone book?  Call directory assistance?  These are
other means of identification, too.

You just need to look at it from a different angle.

-derek
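
The validity rule described in the message above, as an added example that is not part of the original post: a key fetched from an untrusted keyserver is accepted only if a certification chain leads back to the reader's own key through introducers the reader trusts. The certification tuples, names, key bytes and depth limit are constructed assumptions, and real signature verification is assumed to have been done before a tuple is listed.

```python
# Added illustration: toy web-of-trust validity check. Certifications are modelled
# as (signer_fpr, subject_fpr, user_id) tuples whose cryptographic verification is
# assumed to have already succeeded; all names and key bytes below are constructed.
import hashlib

def fpr(key_bytes):
    """Fingerprint = hash of the key material, so a swapped key gets a new fingerprint."""
    return hashlib.sha256(key_bytes).hexdigest()[:16]

def valid_keys(my_fpr, introducers, certs, max_depth=3):
    """Return {fingerprint: user_id} for key bindings reachable from my own key.

    A binding (key, user_id) is valid if I certified it myself, or if a key that is
    both valid and marked by me as a trusted introducer certified it.
    """
    valid = {my_fpr: "me"}
    frontier = {my_fpr}
    for _ in range(max_depth):
        nxt = set()
        for signer, subject, uid in certs:
            trusted = signer == my_fpr or signer in introducers
            if signer in frontier and trusted and subject not in valid:
                valid[subject] = uid
                nxt.add(subject)
        frontier = nxt
    return valid

def check_download(key_bytes, claimed_uid, valid):
    """Accept a key from an untrusted source only if its binding is valid."""
    return valid.get(fpr(key_bytes)) == claimed_uid

# Constructed sample data.
ME, CA, JOE, FAKE = (fpr(b) for b in (b"my-key", b"ca-key", b"joe-key", b"fake-joe-key"))
CERTS = [
    (ME, CA, "Campus CA"),       # I verified the CA key out of band
    (CA, JOE, "Joe Schmoe"),     # the CA verified Joe out of band
    (FAKE, FAKE, "Joe Schmoe"),  # self-signature only: anyone can upload this
]
VALID = valid_keys(ME, introducers={CA}, certs=CERTS)

if __name__ == "__main__":
    print(check_download(b"joe-key", "Joe Schmoe", VALID))
    print(check_download(b"fake-joe-key", "Joe Schmoe", VALID))
```

Removing the CA from `introducers` leaves the CA key itself valid but makes Joe's key unverifiable, which is the difference between a key being valid and its owner being trusted to certify others.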




