Two GCC stories

Posted Jul 1, 2010 0:44 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: Two GCC stories by tialaramex
Parent article: Two GCC stories

Also, you might think you don't care about the identities. But it turns out you do. Suppose you get used to having a lot of PGP keys that you "trust" without caring about their identity, and use to communicate about relatively mundane things like security holes in Internet Explorer - and also you have a PGP key for Boris, with whom you are conspiring to blow up the Eiffel Tower.

One day you get a PGP message, with Bob's email address in the From line, and a valid PGP signature. It asks if you can provide the exact co-ordinates of "the target". This is a bit silly, the Eiffel Tower is on public maps, but you humour Bob by providing WGS84 co-ordinates. A few minutes later, with the last piece of their investigate puzzle now in place, the anti-terror police kick your door in. Whoops, it wasn't Bob after all - one of the IE hackers who you "trust" turns out to be a policeman and your lax approach to identity made him indistinguishable from Bob.

A decent PGP-backed communication system (e.g. email client) will figure out which key signed the data you're looking at, then find which identities associated with that key are signed by you or someone you trust, and show those. So you'll know whether the mail is from "Bob". But only if you bother to use the key signing features properly.

to post comments

Two GCC stories

Posted Jul 1, 2010 14:20 UTC (Thu) by fsateler (subscriber, #65497) [Link] (3 responses)

But is the signature on the e-mail made with the same key that has been in use all along to communicate? If yes, the problem was not of identity, but misplaced trust, and if not, the problem is between the chair and computer.

Two GCC stories

Posted Jul 2, 2010 8:17 UTC (Fri) by tialaramex (subscriber, #21167) [Link] (2 responses)

It's dismissive to say "the problem is between the chair and computer" when a human fails to do an exact bit-for-bit comparison between two public keys, meaningless strings of thousands of bits.

PGP humanises public key cryptography by associating keys with identities. Someone who refuses to take advantage of that (like yourself) is asking for trouble precisely because humans aren't very good at such bit-for-bit comparisons.

What did you want this "trusted but unidentified" behaviour for anyway?

Two GCC stories

Posted Jul 2, 2010 16:23 UTC (Fri) by fsateler (subscriber, #65497) [Link] (1 responses)

That was precisely my point, that GPG does not help in this situation.

And I want that behaviour for online collaboration. It is not always possible to build a GPG trust path to someone, but you can work enough with people to decide you trust them.

trust and identity

Posted Jul 3, 2010 20:32 UTC (Sat) by tialaramex (subscriber, #21167) [Link]

You trust them? How do you trust them? You apparently don't believe you know any way of identifying them, not even by a pseudonym or a drop box email address. And you have no realistic way to distinguish one of these people you supposedly trust from any of the others.

Let me suggest that, in fact, you do associate these trusted keys with identities. You can sign this association, and that creates a cryptographically trustworthy mechanism for PGP to tell you "Abraham sent this" or "Bethany sent this" when it processes a future message signed with those keys - and that at last sounds like something you might be able to make use of in "online collaboration".

PGP is not a cloud application. The fact that you, on your PC, decided that this particular key belongs to "Abraham" is not automatically a fact shared with the whole world or even with "Abraham". You are not obliged, technically or ethically, to publish it, or tell anybody else. Similarly you are not required or expected to trust that whatever "Abraham" tells people (including by publishing signed keys) is true. You need never tell "Abraham" that you've assigned it this name, and if you prefer you can use outlandish or ridiculous names, "Mr Run-on-sentence" or "Flopdeedoodle"

Identity and trust are separate issues BUT for humans it isn't practical to hang trust on raw thousand-bit key values, so you must do SOMETHING about the identity issue first. That's all PGP/ GPG asks you to do.