Dave Turner on Fri, 13 Jul 2001 13:20:06 -0400



Re: [PLUG] confirming my identity


Jeff Abrahamson wrote:
> 
> On Wed, Jul 11, 2001 at 05:15:08PM -0400, Dave Turner wrote:
> > Jeff Abrahamson wrote:
> > >
> > > On Wed, Jul 11, 2001 at 02:38:05PM -0400, Darxus@chaosreigns.com wrote:
> > > > My public key, as you may have noticed, does not have any information on it
> > > > that can be confirmed by photo ID:
> > > >
> > > > pub  1024D/0E9FF879 2000-09-05 Darxus <Darxus@ChaosReigns.com>
> > > >      Key fingerprint = DE37 8846 3B06 B97C F661  D68F 7FB5 B0BE 0E9F F879
> > > > sub  1024g/2EEAB976 2000-09-05
> > > >
> > > >
> > > > It's been signed by a number of plug regulars who know, personally,
> > > > who I am.  If you don't, you may want to consider alternate methods of
> > > > verifying my identity, so you can sign my key.
> > > >
> > > > Like emailing me a password/phrase, so that only I (the person with the
> > > > email address darxus@chaosreigns.com) would know it, and so you could
> > > > know who me is.
> > >
> > > But then how do I know that you didn't cleverly intercept the mail
> > > from the real darxus?
> > >
> > > ;-)
> > >
> > > --
> > >  Jeff
> > >
> > >  Jeff Abrahamson  <http://www.purple.com/jeff/>
> >
> > Because you encrypted the message using his public key, and you brought
> > with you the fingerprint of the key you encrypted with.  So, the person
> > you meet at the meeting has the same keys as the person who has the
> > e-mail address.
> 
> True, but the extremely paranoid point is that all I know is that the
> key belongs to a human being (presumably ;-), an entity capable of
> attending a meeting and reading mail. I don't know *who* it is. And
> that's part of the point of the signing.
> 
> In other words, he can't provide further proof of who he is except
> that he's darxus@chaosreigns.

And that's all the key says.

> If his key said "Jon Johanssen" and he shows up at the meeting with
> his Finnish passport saying that he's Jon J himself, then I know
> something more about what I'm signing. It's still possible to fake,
> but it's just harder.
> 
> Consider the following: I kidnap the real Darxus, then I adopt his
> email persona. I'm a programmer, so I even write some cool free
> stuff. Now I issue a key signed darxus, then come to the
> meeting. People sign my key, because they did what you propose above.

1.  If you could kidnap Darxus, you could easily get a fake "Jon Johanssen"
passport - especially since none of us know what a Norwegian passport
looks like (he's actually Norwegian, not Finnish).

2. You would still need Darxus's passphrase - if you could beat that out
of him, then it wouldn't matter whether the key was signed.  You would
just wait 'till after the keysigning to kidnap him and steal his key :)

> Now, I release Darxus (maybe ;-). He can't very well revoke the signed
> key.  It's thorny. (He would get other people to sign a new key, of
> course, and to revoke their signatures of his key. But it's much
> harder.)

Keys can be revoked after they've been signed.  Consider if you
accidentally sent someone your private key when you meant to send them
your public key, or if blowfish (used to protect your private key) were
broken.

-- 
-[Dave Turner                              Stalk me:  (215)-545-2859]
---------------------------------------------------------------------
<zzorn-work-3> Interesting case: A goldfish swimming in a fishtank, 
that is carried on the back of a dragon
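
[Added example, not part of the original message or of any poster's code.] The check described in the thread, where you bring the fingerprint of the key you encrypted with and compare it at the meeting, sketched in Python against the key listing quoted above. The function names and the `fingerprint_on_paper` parameter are hypothetical; the listing is the one from the thread.

```python
import re

# Key listing as quoted in the thread (old GnuPG 1.x output format).
LISTING = """\
pub  1024D/0E9FF879 2000-09-05 Darxus <Darxus@ChaosReigns.com>
     Key fingerprint = DE37 8846 3B06 B97C F661  D68F 7FB5 B0BE 0E9F F879
sub  1024g/2EEAB976 2000-09-05
"""
PUB_RE = re.compile(r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\s+(\S+)\s+(.*)$")
FPR_RE = re.compile(r"^\s*Key fingerprint\s*=\s*([0-9A-Fa-f ]+)$")


def normalize(fpr):
    """Strip spaces/colons and upper-case, so formatting differences don't matter."""
    return re.sub(r"[\s:]", "", fpr).upper()


def parse_listing(text):
    """Extract key ID, user ID and fingerprint from a GnuPG 1.x style listing."""
    key = {}
    for line in text.splitlines():
        m = PUB_RE.match(line)
        if m:
            key.update(bits=int(m.group(1)), algo=m.group(2),
                       keyid=m.group(3).upper(), uid=m.group(5).strip())
            continue
        m = FPR_RE.match(line)
        if m:
            key["fingerprint"] = normalize(m.group(1))
    return key


def check_key(listing, fingerprint_on_paper):
    """Return a list of problems; an empty list means the fetched key matches."""
    key = parse_listing(listing)
    problems = []
    fpr = key.get("fingerprint", "")
    if len(fpr) != 40:
        problems.append("listing has no 160-bit (v4) fingerprint")
    # The short key ID is only the low 32 bits of the fingerprint, so a
    # matching ID is necessary but never sufficient on its own.
    if not fpr.endswith(key.get("keyid", "?")):
        problems.append("key ID does not match the fingerprint tail")
    if fpr != normalize(fingerprint_on_paper):
        problems.append("fingerprint differs from the one brought to the meeting")
    return problems
```

A match only shows that the key you fetched is the key the person at the meeting controls; as the thread says, it ties that person to the e-mail address on the key and to nothing more.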



______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug