Forwarded article.
This article was forwarded to you by [email protected] (Russell Earl Whitaker):
--------------------------------- cut here -----------------------------
Newsgroups: demon.security
From: [email protected] (Tom Willis)
Path: eternity.demon.co.uk!demon!pintu.demon.co.uk!twillis
Subject: Attempt at a signing policy
Distribution: world
Organization: DGA Ltd
X-Mailer: Simple NEWS 1.90 (ka9q DIS 1.19)
Lines: 122
Date: Tue, 15 Dec 1992 23:46:16 +0000
Message-ID: <[email protected]>
Sender: [email protected]
I would welcome any comments on the following, as a signing policy.
What do you think?
-----BEGIN PGP SIGNED MESSAGE-----
This is my policy for signing keys
==================================
(dated 12th December, 1992 1992-12-12)
- --Type bits/keyID Date User ID
- --pub 1024/6AD0D1 1992/10/24 Tom Willis <[email protected]>
- -- Key fingerprint = 04 D7 B9 24 50 BE B2 30 BD 23 1A 98 B5 01 F1 46
- -- Tom Willis <GBR55N55@IBMMAIL>
- -- Tom Willis
- -- </G=WilliTL/S=Willis/PRMD=IBMMAIL/ADMD=IBMX400/C=GB/>
- -- Tom Willis <[email protected]>
- -- Tom Willis
- -- </CN=Tom Willis/OU=HQ/O=DGA+C=GB/@DGA@Notes>
Introduction
- ------------
It is my intention that you should be able to trust my signature on any
key that you see. However, what you mean by trust and what I mean by it
may differ. In overview, I will only sign keys that I have received
directly from an individual that claims to own the key, and that I am
confident does so. My confidence is based upon the policy I maintain
for signing keys.
Policy
- ------
1. I will only sign a key that I have received physically during a
face-to-face meeting with the person claiming to own the key.
2. I will only sign a key once the claimed key-owner has proved to
me that they possess the secret key corresponding to the public
key that they have given me.
3. I will only sign a key/ID pair that I believe identifies the
person claiming to own the key.
4. I do not claim to have verified that the name the person is
using is actually their own legal name; I accept reasonable
aliases/handles but require that I am confident that the person
regularly uses the name given in public.
5. I do not claim to know that the key owner is trustworthy in
signing keys, and is not an agent provocateur.
The obvious ones:
6. I will not allow my secret key and password to fall into anyone
else's hands.
7. If I find that my secret key has been compromised, I shall do
my best to distribute a compromise certificate to anyone who
has received a key with my signature.
Notes on Policy
- ---------------
1. I will accept keys presented on paper or electronically (e.g.
on diskette), but the key must have been handed over during a
personal meeting with the (claimed) key-owner.
2. To satisfy me that the claimed owner actually *does* possess
the secret key, they must return to me a sequence of bytes
(chosen by me) signed with their secret key and encrypted with
my public key.
For example, if I meet someone I do not know well, and we
exchange keys, I will not sign their key until I have sent them
a sequence of text bytes (e.g. an item in radix-64 form signed
by my key), and they have returned the same item to me in a
message that is signed and encrypted, and I have checked that
my original `challenge' and the returned response are
*identical*, and that the message signature agrees with their
public key that I possess. (Otherwise, the physical exchange
could well prove nothing about the person involved except they
possess the public key of the person they are claiming to be.)
3. My signature says that the key and the associated ID that I
sign belong together, so far as I can tell. In order not to
mislead you, I won't sign key/ID pairs that look wrong to me.
For example, I wouldn't sign even my own father's key, if the
ID said something like `President of the United States of
America'; because he ain't (and I *know* that!).
If my father's key also had a (secondary) ID on it that gave
his name as I know it, I *would* sign that association, even if
another ID is clearly garbage.
4. I would cheerfully sign a key/ID pair, even if I *knew* that
the ID was not the real ID of the owner, if it is a reasonable
ID. For example, if my Mother had a stage name, I would
certainly sign her key with that ID; I would also sign her key
with her maiden name. I wouldn't sign her key/ID where the ID
wasn't one I had ever heard her use, though. Not even my
Mother, much as I trust her otherwise!
5. My best friend, known since childhood, may be a gonzo when
dealing with security; I have no objection to signing his key,
but you should not assume that says anything about whether or
not I would trust *his* signature myself! (It's OK, mate, just
joking, I trust you *really*...)
-----BEGIN PGP SIGNATURE-----
Version: 2.1
iQCVAgUBKyqRM6soIBpyatDRAQH96AP/RMa0+MENYZ2EZTHZFiS04mgA40A0ncL5
rpuRePDrhBjAqxN/K5xX9rWWKgxiQgo3OvsY93tjFUZ1mn4ESUEscf57rnXE26cL
B/jEz+Kn4P4en8107ydl5VvZkkqMj3f3Vyfkuu5YN6KX2NIbpVzQgKSrV4Ah8vob
F0GKx8DdsOs=
=O2fB
-----END PGP SIGNATURE-----
--
Tom \/\/illis | 1. [email protected] | Have PGP 2.0 key
DGA Ltd | 2. GBR55N55@IBMMAIL | ... will swap
LONDON UK | 3. [email protected] |
--------------------------------- cut here -----------------------------
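Added example, not part of the forwarded article: a sketch of the signature half of the challenge-response check described in note 2 of the policy, showing why a valid response proves possession of the secret key while a copy of the public key alone does not. It uses textbook RSA over fixed Mersenne primes as a stand-in for PGP (a toy, unsuitable for real keys), omits the encryption of the response to the signer's public key, and all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent for the toy keys

def toy_keypair(p, q):
    """Textbook RSA key from two known primes (toy only: no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # needs Python 3.8+
    return (n, E), (n, d)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def new_challenge():
    """Fresh bytes chosen by the signer for each meeting."""
    return secrets.token_bytes(32)

def accept_response(challenge, returned, sig, handed_over_pub):
    """Signer's check: identical bytes came back, and the signature
    verifies under the public key handed over at the meeting."""
    same = secrets.compare_digest(challenge, returned)
    return same and verify(returned, sig, handed_over_pub)

def demo():
    # Constructed keys: Mersenne primes keep the example deterministic.
    owner_pub, owner_priv = toy_keypair(2**607 - 1, 2**1279 - 1)
    _, other_priv = toy_keypair(2**127 - 1, 2**521 - 1)
    challenge = new_challenge()
    genuine = accept_response(
        challenge, challenge, sign(challenge, owner_priv), owner_pub)
    # Someone holding only a copy of owner_pub has to sign with another key.
    impostor = accept_response(
        challenge, challenge, sign(challenge, other_priv), owner_pub)
    # A validly signed answer to an older challenge does not answer this one.
    old = new_challenge()
    replay = accept_response(challenge, old, sign(old, owner_priv), owner_pub)
    return genuine, impostor, replay
```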