Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 6:32 UTC (Fri) by jcm (subscriber, #18262)
In reply to: Re: kernel.org status: establishing a PGP web of trust by paulj
Parent article: Re: kernel.org status: establishing a PGP web of trust

How does you giving me a copy of your fingerprint prove that you own that key and didn't just download a copy of the fingerprint? If you then email me, how do you know you're emailing "me" and not someone else who controls the key? Answer: you don't. Unless you and I exchange some information that is tied to that key through a signature at the keysigning.

Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 8:42 UTC (Fri) by paulj (subscriber, #341) [Link] (4 responses)

The fingerprint is the cryptographic hash of the public key (MD5 a long time, SHA-1 for at least 12 years now), so it's public knowledge, so it doesn't prove ownership. Rather:

1. The person you met at the keysigning TOLD you that fingerprint is their key.

2. You can verify that that person is indeed the same person as the one controlling the corresponding key by exchanging encrypted data with it and verifying each side has decrypted the others.

However, there's no need for 2 to happen at the party itself. If you do it by exchanging email "We met at that signing party, and this was my fingerprint, remember?" and verify the other side can decrypt it and securely acknowledges that they met you, then you've achieved just the same thing as if you did something akin to step 2 before each other at the party.

Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 11:05 UTC (Fri) by nix (subscriber, #2304) [Link] (1 responses)

But this only works if your machine hasn't been compromised and your key stolen, right?

Boy, it's a good thing no kernel developers have had their machines compromised lately.

Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 12:12 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

If you follow the recommended procedures for key storage[1], the master private key which represents your identity is kept offline unless you need to sign someone else's key, generate a new subkey, or revoke a key. Separate subkeys (signed by the master key) are used for normal signing and encryption. You may need to revoke these subkeys and distribute new ones, but the master key used for the web-of-trust should remain valid so long as you don't bring it online after the machine is compromised.

[1] E.g. <http://wiki.debian.org/subkeys>

Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 15:03 UTC (Fri) by jcm (subscriber, #18262) [Link] (1 responses)

Anyone who controls that key can say "yea sure, I met you". It means *nothing*. Really. Seriously. The *only* way to connect the physical person in front of you with the key is for an interactive signing to take place.

Re: kernel.org status: establishing a PGP web of trust

Posted Oct 7, 2011 15:41 UTC (Fri) by paulj (subscriber, #341) [Link]

The situation you're describing is where person X, who you've met in person, thinks they control key A (indeed must, given your proposal), while some other person Y *also* controls the key and can intercept your email encrypted to key A and say "Yeah, indeed I met you there and A is my key".

Basically, if this is what you're worried about, the problem is that key A is compromised (as far as person X is concerned at least). I don't see how doing the encrypted exchange in person helps mitigate the compromise in any way - it doesn't help unmask that Y also controls A, & it doesn't stop Y from decrypting material intended for X with A.

But perhaps I've misunderstood you.