[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: USENIX PGP key signing service
> The process I gave above binds a key to both a verified human (by USENIX's
> process of checking drivers' license, etc.) *and* an e-mail account. The
> meaning is simple. "Carl Ellison, a USENIX member, uses this signature key
> and receives mail at email@example.com". The process of becoming assured of
> that Meaning is not the Meaning.
Sorry for the misunderstanding. But I think this meaning is still
somewhat ambigous. See below.
> That aside, I agree with you. The meaning of a cert needs to be somthing
> simple like your two examples. The process I suggested for USENIX allows
> your example 1 directly. It also allows
> 3. If you believe X is a USENIX member with the name Carl Ellison, then
> you should believe that X owns public key ...
My previous message tried to argue that the process you suggested
does not allow for example 1 and that stating the meaning in this explicit
form makes this fact clearer.
Let me try again. Suppose Alice want to communicate with Bob, and the
only thing Alice knows about Bob is that his e-mail address is
firstname.lastname@example.org. Alice has an USENIX certificate that says "If you believe
entity x has e-mail address email@example.com, then you should believe that
entity x owns public key ..." If the process that generated this
certificate is the one you described, then Alice should NOT use the
certificate to infer that Bob owns the given key. If she does, then she
could be open to the following attack:
Mallet enters the USENIX signing process and truthfully provides all the
information except for the e-mail address, which he says is firstname.lastname@example.org.
When the secret S2 is e-mailed to email@example.com, Mallet intercepts it and
then forges a reply that appears to come from firstname.lastname@example.org. Now Mallet has
a certificate that says "If you believe entity x has e-mail address
email@example.com, then you should believe that entity x owns public key ..."
but the given public key is Mallet's, not Bob's.