On Tuesday 10 April 2007 22:05, Arthur Hagen wrote:
> On Tue, 2007-04-10 at 21:11 +0200, Magnus Holmgren wrote:
> > You're wrong. My public key is available from the standard keyserver
> > network. wwwkeys.*.pgp.net, pgp.mit.edu, search.keyserver.net, and other
> > servers that exchange keys with them. And it's signed by several people
> > too.
>
> Except that there's no way to securely verify that this key was
> submitted by *you*. I can submit a key to the key server networks too,
> and claim it belongs to Magnus Holmgren. And have it signed by several
> other keys I hack up. (I was briefly considering doing that and signing
> this e-mail with it to bring the point home, but that would have been
> very bad karma.)
Of course you can; that's how PGP works. The security comes from the Web of
Trust: Several people have verified and certified that the key used to sign
this mail belongs to me. That's not enough, of course, but each of those
people have been identified and connected to their respective keys by several
other persons, and so on, hopefully back to several persons whose keys
*yourself* have signed. If the web of trust paths between yourself and the
pertinent key is dense, the key is likely to be the right one. Here's an
example:
http://pgp.cs.uu.nl/mk_path.cgi?FROM=94C09C7F&TO=7D61E3E6
And even if you can't trust that I am me, you can still be confident that all
messages signed with this key come from the same person. Had you created a
key with my name on it, everyone would have been able to see that it's an
impostor.
> In fact, a good percentage of the keys on the public
> key servers are now believed to be fake, especially those claiming to
> belong to well-known persons. And some of them have even been signed by
> real people who didn't know better, and replied to "please sign my key"
> requests.
Are you talking Linus Torvalds well-known or John Travolta well-known? I'd be
surprised if there is any real doubt as to which keys are the real ones.
> http://www.cymru.com/gillsr/documents/pgp-key-verification.htm
>
> A dual key signing system is only valuable if the public key can be 100%
> trusted to come from the person it claims to be coming from, and the
> private key is kept 100% safe. If either condition can't be fulfilled,
> it's slightly worse than useless.
As always, you have to weigh cost against risk. Zero risk isn't necessarily
economical.
> Mostly it's used with no purpose whatsoever except to say "look what I can
> do".
Or as a statement that ubiquitous mail signing is a good thing.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
