[Foundation-l] OT: Re: PGP-keysign at the tech/chapter-meeting

Tue Apr 7 22:44:54 UTC 2009

I generally agree with your points, but I'll reply your points even if
it's just slightly more secure.

Aryeh Gregor wrote:
> Okay, great.  So if someone shows up with an index finger like yours,
> there are two possibilities:
> 
> 1) Someone forged this e-mail from you that I was relying on, and the
> key I just signed is bogus.

*If* the real Jussi-Ville regularly reads this mailing list and doesn't
reply in a week, I think we can assume it's the same one
(Problem: Would mailman deliver a forged email to the subscriber? It may
also need a reply to be sure it arrives to his mailbox).

> 2) This e-mail from you is legitimate, so the key is legitimate.  But
> in this case, why didn't you just skip the middle-man and include the
> public key in your e-mail and have me sign it from there?
> 
> Getting a public key from someone who you've only communicated with
> via e-mail can *never* be more secure than just getting the key via
> e-mail somehow.  

Suppose someone alledgedly Jay Walsh walks into the key signing.
-You could verify its face against
http://wikimediafoundation.org/wiki/File:Jay_Walsh_May_2008.JPG, which
has been uploaded by his user account.

You can apply the web of trust on real world. If also Brion and Tim are
there and they confirm that it is indeed Jay Walsh, you could believe
them, based on a prior presentation, their portraits or that their keys
are at https://secure.wikimedia.org/keys.html, certified by Equifax.
(Although my browser claims that 'my connection to this website is not
encrypted')

> As far as I'm concerned, you may as well not exist in
> real life at all.  I've only read your e-mails.  Your real-life
> identity isn't necessary or even useful to my verification of the
> identity I care about, viz., your e-mail identity.

Sure. If the mailing list is full of sockpuppets of the cabal we are all
doomed. :)

> The secure way to do key-signing in situations like this is to attach
> a GPG signature to every e-mail you send.  If you attach the same
> public key to every single e-mail you send for a few years, then
> there's no question about whether the key is yours.  Whoever is
> writing the e-mails is the one whose private key is used to sign the
> mail, period.  If all the e-mails you've ever sent are forged, and I
> only know about you by reading the e-mails, then you *are* the forger
> as far as I'm concerned.

This moves the issue as to when add to your keyring/trust a signature on
a random email. If you use to add all new signatures, you're bound to
accept a fake key on a seemingly inoffensive email, which although
forged, could perfectly have been sent by that person.

> Similarly, my identity can be verified by the fact that I've had
> commit access and toolserver access for a couple of years based on my
> private key.  So you know (or at least, whoever has access to a secure
> list of public keys of committers or toolserver users knows) that
> whoever controls that private key is the one who's been doing all
> those commits and things, which has pretty much got to be the same
> person who's been posting on mailing lists and so on.  *That* is
> secure.
I don't think that list is public.

> Key-signings are probably a fun social event, though, even if they
> aren't worth much from a security standpoint, so don't mind me.  :)

Nobody really use them, so it isn't worth trying to break the system
yet, other than as a joke or proof-of-concept.
OTOH if money tranfers were routinely done based on pgp signed emails,
the panorama would change.

Tim Starling wrote:
> Private keys can be compromised by anyone with a whim and a few
> thousand dollars, ...

How's that? The methods you mention are not specific of private keys.
The same could be said about any computer system. Does that mean that no
system is secure?
Access to place a big banner into WMF servers is probably worth more
than a few thousand dollars...

Given that proper security practices are followed, the only way *should*
be the $5 wrench.