[147623] in cryptography@c2.net mail archive
Re: [Cryptography] PGP Key Signing parties
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Fri Oct 11 13:32:43 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <201310102131.r9ALVWqQ015547@new.toad.com>
Date: Fri, 11 Oct 2013 09:30:39 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: John Gilmore <gnu@toad.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============6275753583566303682==
Content-Type: multipart/alternative; boundary=001a11c35096d193c604e8771fbc
--001a11c35096d193c604e8771fbc
Content-Type: text/plain; charset=ISO-8859-1
Reply to various,
Yes, the value in a given key signing is weak, in fact every link in the
web of trust is terribly weak.
However, if you notarize and publish the links in CT fashion then I can
show that they actually become very strong. I might not have good evidence
of John Gilmore's key at RSA 2001, but I could get very strong evidence
that someone signed a JG key at RSA 2001.
Which is actually quite a high bar since the attacker would haver to buy a
badge which is $2,000. Even if they were going to go anyway and it is a
sunk cost, they are rate limited.
The other attacks John raised are valid but I think they can be dealt with
by adequate design of the ceremony to ensure that it is transparent.
Now stack that information alongside other endorsements and we can arrive
at a pretty strong authentication mechanism.
The various mechanisms used to evaluate the trust can also be expressed in
the endorsement links.
What I am trying to solve here is the distance problem in Web o' trust. At
the moment it is pretty well impossible for me to have confidence in keys
for people who are ten degrees out. Yet I am pretty confident of the
accuracy of histories of what happened 300 years ago (within certain
limits).
It is pretty easy to fake a web of trust, I can do it on one computer, no
trouble. But if the web is grounded at just a few points to actual events
then it becomes very difficult to spoof.
--001a11c35096d193c604e8771fbc
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Reply to various,<div><br></div><div>Yes, the value in a g=
iven key signing is weak, in fact every link in the web of trust is terribl=
y weak.</div><div><br></div><div>However, if you notarize and publish the l=
inks in CT fashion then I can show that they actually become very strong. I=
might not have good evidence of John Gilmore's key at RSA 2001, but I =
could get very strong evidence that someone signed a JG key at RSA 2001.</d=
iv>
<div><br></div><div>Which is actually quite a high bar since the attacker w=
ould haver to buy a badge which is $2,000. Even if they were going to go an=
yway and it is a sunk cost, they are rate limited.=A0</div><div><br></div>
<div><br></div><div>The other attacks John raised are valid but I think the=
y can be dealt with by adequate design of the ceremony to ensure that it is=
transparent.</div><div><br></div><div>Now stack that information alongside=
other endorsements and we can arrive at a pretty strong authentication mec=
hanism.</div>
<div><br></div><div>The various mechanisms used to evaluate the trust can a=
lso be expressed in the endorsement links.=A0</div><div><br></div><div><br>=
</div><div>What I am trying to solve here is the distance problem in Web o&=
#39; trust. At the moment it is pretty well impossible for me to have confi=
dence in keys for people who are ten degrees out. Yet I am pretty confident=
of the accuracy of histories of what happened 300 years ago (within certai=
n limits).</div>
<div><br></div><div>It is pretty easy to fake a web of trust, I can do it o=
n one computer, no trouble. But if the web is grounded at just a few points=
to actual events then it becomes very difficult to spoof.=A0</div></div>
--001a11c35096d193c604e8771fbc--
--===============6275753583566303682==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6275753583566303682==--
