[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why sign pubkey?



Thanks for the post. There is someone with a quite legitimate reason to
sign a newly generated public key with "Norman Hardy" in the user id string
but without my my e-mail address. He is one of the several other Norman
Hardy's in the U.S.  I could include a very short biography which would fix
that ambiguity.

I only send secrets to people that I have some reason to trust. I gain
trust sometimes from having met someone in person and talked for a few
hours. If I get a business card with a key finger print and e-mail address
(or URL) then I am safe from such spoofing as described in your post. Her
name plays no role in the transaction.

If I trust her because you recommended her to me, then perhaps I can get a
fingerprint and URL from you. Again I need no name.

In both of these cases the URL is merely a convenience. If she moves her
web page, a search engine will soon find it given a part of the finger
print included in the web page. Unless the attacker has compromised the
search engine, I need merely send mail enciphered by her public key to the
e-mail address given in each web page claiming to own the public key. Only
she will be able to read the mail.

Recommendation:
  Put URL & finger print on business cards.
  Include URL and finger print in recommendations.

  To send a secure message to some whose URL & trusted print you have:
    Check the URL for a public key whose print matches the trusted print.
      If that fails use a search engine for a better URLs.
    Send mail to each e-mail address found on a web page passing the test.

Recommendations should include a little text about what things the designee
should trusted with. Programs like PGP that follow trust chains should
display the text from each recommendation in the chain.