1997-06-13 - Re: Photo ID is not needed for key signings….

Header Data

From: “William H. Geiger III” <whgiii@amaranth.com>
To: Tim May <tcmay@got.net>
Message Hash: e6c87f68407e02d3f6d52dca4bf843b41d633a7c3664b18b44657f85fb118223
Message ID: <199706130328.WAA05249@mailhub.amaranth.com>
Reply To: <v03102800afc652637f93@[207.167.93.63]>
UTC Datetime: 1997-06-13 03:36:40 UTC
Raw Date: Fri, 13 Jun 1997 11:36:40 +0800

Raw message

From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 13 Jun 1997 11:36:40 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Photo ID is not needed for key signings....
In-Reply-To: <v03102800afc652637f93@[207.167.93.63]>
Message-ID: <199706130328.WAA05249@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <v03102800afc652637f93@[207.167.93.63]>, on 06/12/97 
   at 06:47 PM, Tim May <tcmay@got.net> said:

>At 8:31 AM -0700 6/12/97, Bill Frantz wrote:
>>IMHO - What you are really signing is the binding between the data
>>associated with the key (usually an email address) and the key.  You are
>>saying that the secret key holder is (one of the) person(s) who has access
>>to that account, and not some man in the middle in the middle.  If you ask
>>to see Lucky Green's, or Futplex's, or Black Unicorn's picture ID, you will
>>either see a forgery or an ID issued by an organization not interested in
>>birth certificates.

>I am fairly often accused of being arrogant, of being a "know it all." I
>have never claimed to be an expert on PGP, and I certainly am not. I use
>the MacPGP version which became available in '92, and will eventually
>star t working with PGP 5.x (which I have, and have installed, but not
>spent much time with).

>I generated a 1024-bit key in '92, right after PGP 2.0 appeared, and
>participated in a key signing, etc., shortly thereafter. It happened that
>my ISP at that time had just changed from Portal to Netcom. (Now it's
>"got.net", a fairly typical local provider of non-shell ISP services.)

>I can't understand (hint: someone please explain) why I get so many
>requests to send the "tcmay@got.net" key, as opposed to the
>"tcmay@netcom.com" key so widely available. I thought the key signings
>were about the Person Widely Known as "Tim May" being associated with the
>key signed, not some temporary e-mail address.

>My binding was between the key, and "me." Those who wanted to send
>messages to "me" could assume that only "I" could read it. The address
>"tcmay@netcom.com" vs. "tcmay@got.net" is not central. Any concern that
>"tcmay@got.net" is somehow not the keyholder of that '92 key is a
>nonissue.

>If the keyserver databases focus on such ephemera as the current ISP
>account, then they are focussing on the wrong things.

>Am I missing something central?

Well yes, :)

There are different levels of trust and authentication in the web of
trust.

Many (most?) people using PGP will never physically meet and authenticate
keys. Their security model does not require this. Instead what PGP is used
for is a verification method that I am talking to the same person at
tcmay@got.net in my correspondance even though I do not know who he is
physically. So over a period of time of exchanging PGP signed messages I
can authentincate that all of these messages are all comming from
tcmay@got.net who claims to be Tim May. I know that this is not much but
at least I know it's not Dimitri or someone else forging the messages from
that account (though I don't know if all this time tcmay@got.net has
really been one of Dimitri's accounts and that Tim May is really dead).

I also use PGP to sign all my distributed source code & binaries for my
programs. I also sign all my posts. My sharware customers can verify that
the software if from me and unmodified and can also verify any public post
regarding the software. Depending on how concerned on this they may be
satisfied that seeing the code signed with the same key that I use for my
mailing list and in all my public post as enough authentication that the
code is valid (though there is nothing preventing them from taking
stronger methods of authentication upto and including flying down to FL
and meeting me in person).

You also have PGP add-on software that does lookups of keys by e-mail
address. This is a convient feature if one is working with large keyrings.
You do run into the problem of e-mail addresses changing and having
multiple keys with the same address. In my software I make use of a
default file where a key can be assinged to an e-mail address regardless
of what is in the userid. YMMV with other software, from my own testing I
have found that most will either take the first key found with duplicats
or complain of "no key found" with address changes.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBM6C/hY9Co1n+aLhhAQGDzgQAr85CR5eIFZCFaM/pTGnt5c14x0HUYJJD
Muk7xEyR23cIZP9lrWyq+3IsIfk10sR+rLl2Ip05mwSFOasd1FRyuAIVv6vM6Ovm
3m3nSBfHwP0hQtwwrnCCFlOxScBuWjiSn8Pu/r2yhd6A1+vU8D+JeWe9VuPsDRv7
IRMeLadpvC8=
=1Fl1
-----END PGP SIGNATURE-----






Thread