Re: [ga] Proof of Identification

[Bob Davis <bob.davis@netzero.net>]

John and all DNSO'ers,

  I have been a long time user of PGP as well.  None the less
in terms of this discussion your suggestions are not
relevant as the NC decided not to adopt their use for purposes
of indetification for voting purposes although a proposal was
submitted to them to do so.

John C Klensin wrote:

> For whatever it is worth, as someone who has been using PGP for
> many years and worrying about key integrity and validity and
> webs of trust for most of that time...
>
> (i) Mark's concerns about people signing things on the basis of
> faxed identity materials that can easily be tampered with are
> legitimate.  One can debate about how often faked documents
> would actually appear in particular communities, but I would
> never sign a key on the basis of such a faxed document alone.
>
> (ii) The key to an operational  "web of trust" is that word
> "trust".   Using PGP in some of the arrangements that have been
> proposed would make me _lots_ happier than using email
> addresses, but, for digital signatures/ key certifications to be
> meaningful, one has to not only be able to authenticate the
> signer's key, but trust the signer to behave appropriately.
>
> (iii) Trust is a somewhat elusive concept.   If the use of PGP
> signatures is going to be used to validate identity and
> uniqueness, then agreed-upon conventions are needed as to what
> gets signed and on what proofs.  If the person doing the
> checking trusts the signer to have understood those conventions
> and followed them (and, incidentally, to be competent about key
> management), then the endorsement is useful.  If not, it is
> meaningless (such an endorsement should not be held against the
> key-holder; to do so would enable all sorts of nasty attacks).
>
> (iv) Similarly, trust is not easily additive.  One of the
> debates/difficulties in the PGP community for many years is how
> many "partially"-trusted signatures add up to one fully-trusted
> one.  Some think the answer is two or three; others claim that
> no number will suffice.  And some of us will make case-by-case
> decisions depending on the importance of what is happening.  It
> is no accident that the programs have options to reflect all of
> those positions.
>
> The DNSO situation aside, different of us have different
> criteria for signing keys.   If you see a key signed in one of
> my two main keys (one RSA, one DH/DSS), it implies that I've met
> the individual face to face, seen identification that I find
> satisfying, and gotten at least verbal confirmation of the key
> fingerprint from the keyholder.   My criteria are not foolproof
> or attack-proof: I rarely take the extra step of sending someone
> an message encrypted in the public key they want me to sign and
> insist that they decrypt the message and send me back the secret
> contained therein before I will sign the key.   Perhaps I should
> do so more often, but there are limits.  Similarly, it would
> probably be possible to trick me by handing me a fake passport:
> I don't claim any knowledge of what most of the passports in the
> world look like or how to determine their validity.  But a
> non-existent person would have to go to fairly extreme lengths
> to get me to sign a key (and I do keep an extra signing key,
> identified as lower confidence, around for when I need to
> endorse something but my normal criteria are not met).
>
> So, the "a group of bogus people get someone to sign all of
> their keys and the system breaks" should not be a plausible
> attack: if there are clear signing criteria, and they are
> reasonable, then someone who starts signing keys for non-people
> or on dubious authenticate goes on the "less trusted as signer"
> list and just doesn't count: people with keys signed by that
> individual would need to seek additional signatures elsewhere
> (not to increase the count, but to find a signature from a
> trusted signer).
>
> And, again, "not trusted" is a term of art here: I've worked
> with people whose identity I can vouch for, whose integrity I
> trust completely, but who are, by experience and demonstration,
> lousy key managers (typically because they don't understand the
> theory well enough to implement it faithfully).  So I don't
> trust their signatures on other people's keys, not because I
> don't trust the people, but because I know of too many
> opportunities to compromise their keys.   Life is hard sometimes.
>
> For completeness, the interesting attack by a collection of
> non-people wouldn't be to subvert one signer and get him or her
> to sign all of their keys.   It would be to print up a
> collection of fake identification papers, one for each identity,
> but all bearing the same picture.   The associated "face" and
> one of the sets of credentials would then be submitted to
> different potential trusted signers, so that each one would
> match a key, a name, identity papers, and a face and sign the
> relevant key.   One would then have one real person (at most),
> associated with a number of (most faked) identities and keys
> with no easy detection mechanism.  The latest versions of PGP
> permit including a signed, digitized, photograph with a public
> key, and that might help detect this particular fraud, but the
> formats involved are not backward-compatible and few of us are
> using them.
>
>       john
>
> PGP Fingerprints:
>    DH/DSS (id 0xB11F733D): DF70 5F40 B8C9 AE70 0B30  73C7 3E58
> E556 B11F 733D
>    RSA (id 0x8F1B19A5): 6C84 7FC2 2F5A 2306  86BC DDE6 A573 E726
> Keys available from the usual servers.

Bob Davis...

__________________________________________
NetZero - Defenders of the Free World
Get your FREE Internet Access and Email at
http://www.netzero.net/download/index.html