7.9.1. Web of trust vs. hierarchical key management
  - A key innovation of Phil Zimmermann was the use of a "web of trust" model for distributed trust in keys.
  - locality, users bear costs
  - by contrast, government estimates $1-2 B a year to run key certification agencies for a large fraction of the population
  - "PGP is about choice and constructing a web of trust that suits your needs. PGP supports a completely decentralized, personalized web of trust and also the most highly structured bureaucratic centralized scheme you could imagine. One problem with relying solely on a personalized web of trust is that it limits your universe of correspondents. We can't expect Phil Zimmermann and a few well-known others to sign everyone's key, and I would not want to limit my private correspondence to just those people I know and trust plus those people whose keys have been signed by someone I know and trust." [William Stallings, SLED key verification, alt.security.pgp, 1994-09-01]

7.9.2. Practical approaches to signing the keys of others
  + sign keys of folks you know and wish to communicate with
    - face-to-face encounters ("Here is my key.")
  + trust--to varying extents--the keys signed by others you know
    - web-of-trust
  - trust--to a lesser extent--the keys of people in key registries

7.9.3. Key Servers
  + There are several major sites which appear to be stable
    + MIT PGP Public Key Server
      - via www.eff.org
    + Vesselin Bontchev at University of Hamburg operates a very stable one:
      - Ftp:    ftp.informatik.uni-hamburg.de
        IP:     134.100.4.42
        Dir:    /pub/virus/crypt/pgp/
        File:   pubkring.pgp
        E-Mail: pgp-public-keys@fbihh.informatik.uni-hamburg.de
    - pgpkeys.io.com
  + http://martigny.ai.mit.edu/~bal/pks-commands.html
    - This is a PGP keyserver in Zurich. <Russell Whitaker, 7 April 1994>

7.9.4. Use of PGP key fingerprints
  - "One of the better uses for key fingerprints is for inclusion in signature files and other places that a key itself is too bulky.
    By widespread dissemination of the fingerprint, the chances of a bogus key being undetected are decreased, since there are more channels for the fingerprint to get to recipients, and more channels for the owner of a key to see any bogus fingerprints out on the net." [Bill Stewart, 1994-08-31]

7.9.5. "How should address changes be handled? Do old keys have to be revoked?"
  - Future versions of PGP may handle this better
  - One way is to issue .... "User-id revocation certificates are a *good* idea and the PGP key format allows for them - maybe one day PGP will do something about it." [Paul Allen, alt.security.pgp, 1994-07-01]
  - Persistent e-mail addresses are one approach. Some people are using organizations like the ACM to provide this (e.g., Phil Zimmermann is prz@acm.org). Others are using remapping services. For example, "I signed up with the SLED (Stable Large E-mail Database), which is a cross-referencing database for linking old, obsolete E-mail addresses with current ones over the course of time.... Anyone using this key will always be able to find me on the SLED by conducting a search with "blbrooks..." as the keyword. Thus my key and associated sigs always remain good.... If you are interested in the SLED, its address is sled@drebes.com." [Robert Brooks, alt.security.pgp, 1994-07-01]

7.9.6. "How can I ensure that my keys have not been tampered with?"
  + Keep your private key secure
    + if on an unsecured machine, take steps to protect it
      - offline storage (Perry Metzger loads his key(s) every morning, and removes it when he leaves the machine)
    + memorize your PGP passphrase and don't write it down, at least not anywhere near where the private key is available
      - sealed envelopes with a lawyer, safe deposit boxes, etc., are possibilities
      - given the near-impossibility of recovering one's files if the passphrase is lost permanently, I recommend storing it _someplace_, despite the slight loss in security (this is a topic of debate...I personally feel a lot more comfortable knowing my memory is backed up somewhere)
  - Colin Plumb has noted that if someone has access to your personal keyring, they also probably have access to your PGP program and could make modifications to it *directly*.
  - Derek Atkins answered a similar question on sci.crypt: "Sure. You can use PGP to verify your keyring, and using the web-of-trust, you can then have it verify your signatures on all the keys that you signed, and recurse through your circle-of-friends. To verify that your own key was not munged, you can sign something with your secret key and then try to verify it. This will ensure that your public key wasn't munged." [Derek Atkins, sci.crypt, 1994-07-06]

7.9.7. "Why are key revocations needed?"
  - Key revocation is the "ebb-of-trust"
  - "There are a number of real reasons. Maybe you got coerced into signing the key, or you think that maybe the key was signed incorrectly, or maybe that person no longer uses that email address, because they lost the account, or that maybe you don't believe that the binding of key to userID is valid for any number of reasons." [Derek Atkins, 4-28-94]

7.9.8. "Is-a-person" registries
  + There have been proposals that governments could and should create registries of "legal persons."
    This is known in the crypto community as "is-a-person" credentialling, and various papers (notably Fiat-Shamir) have dealt with issues
    - of spoofing by malicious governments
    - of the dangers of person-tracking
  + We need to be very careful here!
    - this could limit the spread of 'ad hoc crypto' (by which I mean the use of locally-generated keys for reasons other than personal use...digital cash, pseudonyms etc.)
    - any system which "issues" permission slips to allow keys to be generated is dangerous!
  + Could be an area that governments want to get into.
    - a la Fiat-Shamir "passport" issues (Murdoch, Libyan example)
  - I favor free markets--no limitations on which registries I can use

7.9.9. Keyservers (this list is constantly changing, but most share keys, so all one needs is one). Send "help" message. For current information, follow alt.security.pgp.
  - about 6000 keys on the main keyservers, as of 1994-08.
  - pgp-public-keys@martigny.ai.mit.edu
  - pgp-public-keys@dsi.unimi.it
  - pgp-public-keys@kub.nl
  - pgp-public-keys@sw.oz.au
  - pgp-public-keys@kiae.su
  - pgp-public-keys@fbihh.informatik.uni-hamburg.de
  - and wasabi.io.com offers public keys by finger (I couldn't get it to work)

7.9.10. "What are key fingerprints and why are they used?"
  - "Distributing the key fingerprint allows J. Random Human to correlate a key supplied via one method with that supplied via another. For example, now that I have the fingerprint for the Betsi key, I can verify whether any other alleged Betsi key I see is real or not.... It's a lot easier to read off & cross-check 32-character fingerprints than the entire key block, especially as signatures are added and the key block grows in size." [Paul Robichaux, 1994-08-29]

7.9.11. Betsi
  - Bellcore
  - key signing

7.9.12. on attacks on keyservers...
  + flooding attacks on the keyservers have started; this may be an attempt to have the keyservers shut down by using obscene, racist, sexist phrases as key names (Cypherpunks would not support shutting down a site for something so trivial as abusive, offensive language, but many others would.)
    - "It appears that some childish jerk has had a great time generating bogus PGP keys and uploading them to the public keyservers. Here are some of the keys I found on a keyserver:...[keys elided]..." [staalesc@ifi.uio.no, alt.security.pgp, 1994-09-05]
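
The "trust to varying extents" rule of 7.9.2, as an added Python example that is not from the original FAQ or from PGP's source: a key counts as valid once enough trusted introducers have signed it. The thresholds (one fully trusted signer or two marginally trusted ones, chains of at most four) and every name in the sample keyring are assumptions chosen for illustration.

```python
from fractions import Fraction

COMPLETES_NEEDED = 1   # assumption: one fully trusted signer is enough
MARGINALS_NEEDED = 2   # assumption: two marginally trusted signers are enough
MAX_DEPTH = 4          # assumption: longest chain of introducers accepted

def valid_keys(me, signatures, owner_trust):
    """Map each key that `me` can consider valid to its distance from `me`.

    signatures:  {signer: set of keys that signer has signed}
    owner_trust: {key: "full" or "marginal"}; missing means not trusted to introduce
    """
    weight = {"full": Fraction(1, COMPLETES_NEEDED),
              "marginal": Fraction(1, MARGINALS_NEEDED)}
    valid = {me: 0}
    for depth in range(1, MAX_DEPTH + 1):
        score = {}
        for signer, signed in signatures.items():
            if signer not in valid:
                continue  # signature by a key I cannot validate counts for nothing
            w = 1 if signer == me else weight.get(owner_trust.get(signer), 0)
            for key in signed:
                score[key] = score.get(key, 0) + w
        newly = [k for k, s in score.items() if s >= 1 and k not in valid]
        if not newly:
            break
        for k in newly:
            valid[k] = depth
    return valid

# Constructed keyring: I met alice, bob and carol face to face and signed their keys.
SIGNATURES = {
    "me": {"alice", "bob", "carol"},
    "alice": {"dave"},            # one fully trusted introducer
    "bob": {"erin", "frank"},     # marginal introducer
    "carol": {"frank"},           # second marginal signature on frank
    "dave": {"grace"},            # valid key, but not trusted as an introducer
    "stranger": {"erin"},         # key I cannot validate
}
OWNER_TRUST = {"alice": "full", "bob": "marginal", "carol": "marginal"}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGNATURES, OWNER_TRUST).items()))
```

A valid key is not automatically a trusted introducer: dave's key validates through alice, but his signature on grace's key adds nothing until he is assigned owner trust.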
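
The cross-checking described in 7.9.4 and 7.9.10, as an added Python example (not code from the FAQ or from PGP): it computes the 32-character fingerprint the way RFC 4880 describes for version 3 RSA keys, MD5 over the modulus bytes followed by the exponent bytes, and compares a fetched key against fingerprints seen on other channels. The key numbers and channel names are constructed.

```python
import hashlib

def mpi_body(value: int) -> bytes:
    """Big-endian magnitude of an RSA integer, without the MPI length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def v3_fingerprint(n: int, e: int) -> str:
    """MD5 over modulus bytes then exponent bytes, as 32 hex characters."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def display(fp: str) -> str:
    """Format as 16 byte pairs with a wider gap in the middle, for a .sig file."""
    pairs = [fp[i:i + 2] for i in range(0, 32, 2)]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])

def normalize(text: str) -> str:
    """Strip spacing and case from a fingerprint copied from another channel."""
    fp = "".join(text.split()).upper()
    if len(fp) != 32 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("not a 32-hex-character fingerprint: %r" % text)
    return fp

def cross_check(n: int, e: int, channels: dict) -> dict:
    """For a fetched key, report which channels' fingerprints match it."""
    actual = v3_fingerprint(n, e)
    result = {}
    for name, seen in channels.items():
        try:
            result[name] = normalize(seen) == actual
        except ValueError:
            result[name] = False  # a truncated or garbled copy is a mismatch
    return result

# Constructed numbers standing in for RSA key material (not real keys).
GENUINE_N, GENUINE_E = 0xC3A5F1D2B4976E8D0F1B2C3D4E5F6071, 17
BOGUS_N = GENUINE_N + 2  # a different key uploaded under the same user ID

_FP = v3_fingerprint(GENUINE_N, GENUINE_E)
CHANNELS = {
    "sig file": display(_FP),
    "business card": _FP.lower(),
    "mailing list post": display(_FP)[:40],  # copy cut off in transit
}

if __name__ == "__main__":
    print(cross_check(GENUINE_N, GENUINE_E, CHANNELS))  # fetched key is genuine
    print(cross_check(BOGUS_N, GENUINE_E, CHANNELS))    # fetched key is bogus
```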
By Tim May, see README
HTML by Jonathan Rochkind