About PGP Signing a File.
Matthew Flaschen
matthew.flaschen at gatech.edu
Tue Feb 13 16:46:03 UTC 2007
Jeffrey F. Bloss wrote:
> Matthew Flaschen wrote:
>
>>>>> It's entirely possible that the guy's keys were stolen in the
>>>>> intervening night.
>>>> Also true, but that's what revocation certificates
>>>> (http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html) are
>>>> for. Constant vigilance.
>>> If your keys have been compromised a revocation certificate is
>>> mostly useless.
>> Eh? An attacker can sometimes create a false revocation certificate,
>> but that doesn't stop you from creating a real one. It's true that it
>
> There's no "can sometimes" about it. If your keys are compromised
> in this context an attacker can create revocation certificates all day
> long.
Right. That's not the only kind of attack on PGP though.
> And neither the valid nor the invalid revocation certificate
> carries with it any mechanism at all to make a determination. That's
> the whole point.
Which means you should never use a revoked key, because it *could* have
been compromised.
> Out of band has nothing at all to do with this. Yes it's a valid way
> to establish some level of personal credibility, but that credibility
> doesn't scale to digital certificates at all like you seem to believe
> it does. Even knowing someone all your life and watching them generate
> a key in person right after the blood tests is meaningless once you
> leave the room, without a considerable amount of investment that has
> nothing at all to do with PGP.
How's that? If I identify them in person, then get their key, I can be
sure that all messages generated by that key were made by them.
> No, it's *the* issue. There's any number of ways this sort of digital
> signature scheme can be trivially exploited or simply fail under its
> own weight. A "DoS" attack perpetrated by forged/bogus revocation
> certificates is just one of the inherent weaknesses that make PGP
> signatures so unsuitable for proof of authorship that most
> experts in the field consider them utterly useless.
A (possibly fake) revocation makes them suddenly unsuitable, but between
verification out-of-band and key revocation/expiry, why can't it work as
a proof of authorship?
> As I've stated quite plainly several times already, there are ways to
> help give digital certificates the sort of credibility far too many
> people assign to them as a default. They're generally either
> unmanageable to the point of being ludicrous for most laypersons' needs
> or fraught with their own perils.
How is it ludicrous to meet a close friend in person to exchange keys?
> Regardless of that, verifying someone's
> identity at the time of key exchange is such a small part of any of it
> that it's almost irrelevant. The verification process itself is
> exploitable, and it offers absolutely *zero* forward security. So
> verification itself requires a high degree of complexity to be
> reliable, and evaporates when you blink.
I have no idea what you're talking about. Once a key is personally
verified, it's usable until/unless a secret key is compromised.
>
>> All security mechanisms are vulnerable if you lose the secret. So,
>> don't do that then. PGP is not unique, and is better than most
>> because you're not supposed to share a secret with anyone (unlike
>> e.g. passwords).
>
> Irrelevant. What's "supposed" to happen, what "can happen", and whether
> or not some protocol or mechanism addresses what happens in reality are
> completely unrelated. The bottom line fact is that PGP/GnuPG do so
> little to verify a key holder's identity that if you want any
> reasonable level of trust you have to look elsewhere. Plain and simple.
>
>
> Once again, there simply is no reliable method of proving "digital
> identity" currently available.
I keep saying that you don't prove your identity digitally.
Matthew Flaschen
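
Added example, not part of the original message or of GnuPG: a Python check that applies the two rules argued for in this thread, namely rely only on a key whose fingerprint was verified out of band, and never rely on a revoked key. It reads the machine-readable lines that `gpg --status-fd` emits; the fingerprints, names and status lines are constructed, and `accept_signature` and `PINNED` are hypothetical names.

```python
# Added example. All keys, names and status lines below are constructed.
PREFIX = "[GNUPG:] "
# Status keywords gpg emits for signatures that must not be relied on.
REJECT = {"REVKEYSIG", "EXPKEYSIG", "EXPSIG", "BADSIG", "ERRSIG"}

def parse_status(text):
    """Return [(keyword, args)] from `gpg --status-fd` output."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def accept_signature(status_text, pinned_fpr):
    """Accept only a good signature made by the fingerprint verified in person."""
    events = parse_status(status_text)
    keywords = {k for k, _ in events}
    bad = keywords & REJECT
    if bad:  # a revoked or expired key is refused whatever else is reported
        return False, "rejected: " + ", ".join(sorted(bad))
    if "GOODSIG" not in keywords:
        return False, "no GOODSIG"
    pinned = pinned_fpr.replace(" ", "").upper()
    for keyword, args in events:
        if keyword == "VALIDSIG" and args:
            # Last VALIDSIG field is the primary key fingerprint when present.
            primary = args[9] if len(args) >= 10 else args[0]
            if primary.upper() == pinned:
                return True, "good signature from pinned key"
            return False, "signed by a key that was not verified out of band"
    return False, "no VALIDSIG"

PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"   # constructed fingerprint
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"    # constructed fingerprint
def _valid(fpr):
    return f"[GNUPG:] VALIDSIG {fpr} 2007-02-13 1171385163 0 4 0 17 2 00 {fpr}\n"
GOOD = "[GNUPG:] GOODSIG 89ABCDEF01234567 Alice Example\n" + _valid(PINNED)
REVOKED = "[GNUPG:] REVKEYSIG 89ABCDEF01234567 Alice Example\n" + _valid(PINNED)
UNPINNED = "[GNUPG:] GOODSIG 76543210FEDCBA98 Mallory Example\n" + _valid(OTHER)

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("revoked", REVOKED), ("unpinned", UNPINNED)]:
        print(name, accept_signature(sample, PINNED))
```

The check cannot tell a genuine revocation from a forged one, which is the point made above: either way the key is no longer relied on, and a replacement key has to be verified out of band again.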