
Re: how secure is secring.pgp?



>> There are two security items here.  The first is that the secret RSA
>> key not be revealed.  The second is that the name attached to that
>> key pair not be revealed.

I may be nitpicking here, but I have to argue.  Although there is a
relationship, security and privacy are not one and the same.  You have
named a security item, and a privacy item, not two security items.
For privacy to exist, security may be necessary, but that doesn't make
it a security item.  For instance, I trust my roommate to respect my
privacy.  There's no lock on my bedroom door.  He knocks before coming
in if I'm in there.  This is a privacy system based on trust, not on
security.  I'm not proposing this model for the net, don't worry!
(That's Dorothy Denning's job. :-) I'm just pointing out that privacy
can exist without security, given appropriate constraints.  Similarly,
security can exist without privacy:  You can clearsign a message w/o
encrypting it.

>> This is really a huge hole.  Since secret keys are presumed to be in
>> the possession of only those who actually use the keys, possession of
>> a secret key on the secring.pgp is tantamount to proof that you are
>> that pseudonym.

I believe that the secring.pgp is secure, for most reasonable
purposes.  (You can debate this, but I'll just keep changing my
definition of reasonable on you.  So don't bother.)  However, it is
clearly not private.  One could argue that the entire secring.pgp
should be encrypted, and I might even agree with you.  I'll have to
think about it more.

>> In short: everything about a secret key ring should be encrypted.
>> 
>> A parallel (not as consequential): everything about a public key ring
>> should be encrypted.

The former point is probably true.  However, the latter point is
ludicrous, IMHO.  If it's a public key, why should it be encrypted?
The whole purpose of a public key is that it can be widely published.
Encrypting it sort of kills the idea.  If the name<->key mapping on
the public key is protected, it's useless for me to know that key ID
B4B951 signed some message.  I want to know who that person is, or at
least, who they claim to be.  You could claim that the keyring
identified the people with whom I talk, but that is easily overcome by
just keeping a few thousand people on your keyring.  Then the signal
is buried in the noise.  Even if you don't want someone's public key
visible on your own keyring, it's still reasonable for their key to be
published in some "global" directory, in the clear.

		Marc