[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: USENIX PGP key signing service
At 02:20 PM 5/29/96 +1000, Greg Rose wrote:
>USENIX is setting up a PGP key-signing service,
>intended to go live at the 6th USENIX Security
>Symposium in July. A description of it is up on
>the Web at http://www.usenix.org/pgpkey.html .
>I'd appreciate any comments, particularly
>about the way we handle people who don't have
>their key fingerprints available at the time.
Greg,
this effort mimics the X.509 CAs and has some of their flaws.
1. There's no way specified for the user to know what USENIX certifies with that binding. That is, PGP provides no Meaning field. It could -- since USENIX could generate its own UserID for a key, giving the meaning "we saw 2 forms of ID for this USENIX member", and sign that -- but I tried that and the new Meaning non-user-ID showed up as the primary ID for the key once it was added to the PGP key server at MIT. Bummer.
2. The lack of global names isn't addressed. At the least, we should find a way to implement a trial of the Rivest & Lampson SDSI. This too could be accomplished if PGP were extended to have Meaning fields. In that case, USENIX could sign an ID record of the form "I know this person as USENIX member Greg Rose".
3. You have made no provision for verifying that the user whose key you're signing can, in fact, exerecise the associated private key. You should include his signing a random challenge message in your presence as part of the process.
This can be done for a near-term experiment with UserID records. However, a small change to PGP would allow it to be done right -- making a key signature record which carries its own meaning field.
There's another possibility. USENIX could generate normal signed PGP messages of the form:
-----BEGIN PGP SIGNED MESSAGE-----
We hereby certify that Carl Ellison is a USENIX member
as of July 24, 1996, and has demonstrated the ability to
sign a test message with the following key:
Type bits/keyID Date User ID
pub 1024/7362BE39 1994/05/09 Carl Ellison <cme@cybercash.com>
Key fingerprint = 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2
Carl Ellison 1024-bit <cme@acm.org>
Carl Ellison <cme@tis.com>
We have verified his identity as the only Carl Ellison to be a
member of USENIX and we have checked his face against the picture
on his driver's license.
We have not verified any of the e-mail addresses mentioned above.
This certificate does not constitute a binding to or from those addresses,
from or to the indicated key.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMayqQlQXJENzYr45AQF2+wP/R/5wKWOzsALGEP+MG4MqAkLhsj4162uO
AYtiV7wF5+66kp3pDmuvTMmRJkjmYUquR1yTpDTmlZEJYZKLil/b7d3wHLPOIgFM
w0jZP2JYmnzAhUnC3mKgK6AJwGLY9yYl77uLzSysRI6cTdHrJJN8J4H5r4XsDLqm
5+VELwrsPS0=
=f8ZP
-----END PGP SIGNATURE-----
- Carl
From ???@??? Wed May 29 16:08:16 1996
Return-Path: <owner-spki@c2.org>
Received: from callandor.cybercash.com (callandor1.cybercash.com) by cybercash.com (4.1/SMI-4.1)
id AA24115; Wed, 29 May 96 15:58:02 EDT
Received: by callandor.cybercash.com; id QAA21947; Wed, 29 May 1996 16:00:29 -0400
Received: from infinity.c2.org(140.174.185.11) by callandor.cybercash.com via smap (V3.1)
id xma021918; Wed, 29 May 96 15:59:36 -0400
Received: (from daemon@localhost) by infinity.c2.org (8.7.4/8.6.9)
id MAA29288 for spki-outgoing; Wed, 29 May 1996 12:50:24 -0700 (PDT)
Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
Message-Id: <2.2.32.19960529195047.0036d728@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 29 May 1996 15:50:47 -0400
To: Greg Rose <Greg_Rose@sydney.sterling.com>
From: Carl Ellison <cme@cybercash.com>
Subject: Re: USENIX PGP key signing service
Cc: coderpunks@toad.com, spki@c2.org, jis@mit.edu
Sender: owner-spki@c2.org
Precedence: bulk
At 02:20 PM 5/29/96 +1000, Greg Rose wrote:
>USENIX is setting up a PGP key-signing service,
>intended to go live at the 6th USENIX Security
>Symposium in July. A description of it is up on
>the Web at http://www.usenix.org/pgpkey.html .
>I'd appreciate any comments, particularly
>about the way we handle people who don't have
>their key fingerprints available at the time.
Greg,
this effort mimics the X.509 CAs and has some of their flaws.
1. There's no way specified for the user to know what USENIX certifies
with that binding. That is, PGP provides no Meaning field. It could --
since USENIX could generate its own UserID for a key, giving the meaning "we
saw 2 forms of ID for this USENIX member", and sign that -- but I tried that
and the new Meaning non-user-ID showed up as the primary ID for the key once
it was added to the PGP key server at MIT. Bummer.
2. The lack of global names isn't addressed. At the least, we should
find a way to implement a trial of the Rivest & Lampson SDSI. This too
could be accomplished if PGP were extended to have Meaning fields. In that
case, USENIX could sign an ID record of the form "I know this person as
USENIX member Greg Rose".
3. You have made no provision for verifying that the user whose key
you're signing can, in fact, exerecise the associated private key. You
should include his signing a random challenge message in your presence as
part of the process.
This can be done for a near-term experiment with UserID records. However, a
small change to PGP would allow it to be done right -- making a key
signature record which carries its own meaning field.
There's another possibility. USENIX could generate normal signed PGP
messages of the form:
-----BEGIN PGP SIGNED MESSAGE-----
We hereby certify that Carl Ellison is a USENIX member
as of July 24, 1996, and has demonstrated the ability to
sign a test message with the following key:
Type bits/keyID Date User ID
pub 1024/7362BE39 1994/05/09 Carl Ellison <cme@cybercash.com>
Key fingerprint = 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2
Carl Ellison 1024-bit <cme@acm.org>
Carl Ellison <cme@tis.com>
We have verified his identity as the only Carl Ellison to be a
member of USENIX and we have checked his face against the picture
on his driver's license.
We have not verified any of the e-mail addresses mentioned above.
This certificate does not constitute a binding to or from those addresses,
from or to the indicated key.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMayqQlQXJENzYr45AQF2+wP/R/5wKWOzsALGEP+MG4MqAkLhsj4162uO
AYtiV7wF5+66kp3pDmuvTMmRJkjmYUquR1yTpDTmlZEJYZKLil/b7d3wHLPOIgFM
w0jZP2JYmnzAhUnC3mKgK6AJwGLY9yYl77uLzSysRI6cTdHrJJN8J4H5r4XsDLqm
5+VELwrsPS0=
=f8ZP
-----END PGP SIGNATURE-----
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+