[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: USENIX PGP key signing service

At 20:29 -0400 5/29/96, Greg Rose wrote:

>Yes indeedy. While I agree with your comments
>generally, in context they are not what the
>service is about. While I think we would all
>applaud a new standard for certificates when it
>appears, we would then be faced with the problem
>of getting CAs (or non-authoritative equivalents,
>like what we're trying to do at USENIX) set up.
>What USENIX is doing is trying to get some
>infrastructure going based around the currently
>deployed technology, warts and all. Then, when
>spki bears fruit, or SDSI is ready for prime time,
>we can (and almost certainly will) add those
>forms. In the meantime we are adding a modest
>service to the PGP community.

If you want to add something of value, I believe you can push the envelope
without waiting for either SPKI or SDSI to get accepted.

In particular, I would like to second Neal's suggestion.  It achieves a
binding to the ownership of the private key and of the e-mail address,
assuming the signee is honest.

>Neal McBurnett <nealmcb@lucent.com> wrote

>Neal>To do this you need to send some secret info to that address
>Neal>and have them respond with that secret info as well as the
>Neal>shared secret given to them at the conference.  You should
>Neal>do this each year at renewal, also.

So, you don't get any fingerprints at the booth.  Instead, you generate two
secrets, S1 and S2 -- give S1 to the person, log S1 and S2 in your records
alongside their name and USENIX member number.  You  pgp -cat encrypt S2
using S1 as the key.  You send that message to the user's indicated e-mail
address.  That user decrypts that message and sends back S2, signed.  When
you get that and verify it, you sign the user's key, send it  to him and
post it to the key servers.  You use a USENIX key whose only UserID is a
URL instead of an e-mail address and at that URL you list the meaning of
the signature.

>  This can be done for a near-term experiment with UserID records.  However, a
>  small change to PGP would allow it to be done right -- making a key
>  signature record which carries its own meaning field.
>  There's another possibility.  USENIX could generate normal signed PGP
>  messages of the form:
>  [...]
>Again, yes, we could do this, but PGP as deployed
>wouldn't know anything about it, wouldn't consider
>it in the Web of Trust, and so on. Certainly worth
>considering for new versions of PGP, and then we
>could incorporate it. We do do something like this
>already, when (for whatever reason) we have revoked
>a signature. Since PGP doesn't support it, we did
>the next best thing.

You skipped my last suggestion -- that you could generate a normal PGP
signed message instead of a key-signature -- so that you could give the
meaning.  You could also give your version of the person's name, and
achieve the content if not the form of SDSI.  After all, it's a human being
who interprets the meaning of a key signature.  He might as well do it from
a readable, signed message as from a 1-liner in a pgp -kvv list of keys.

However, the machinery is in place for that 1-liner, and not for a database
of small signed messages, so having the URL as the UserID of the USENIX
key-signing key is probably the right answer for the moment.

 - Carl

|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+

Follow-Ups: References: