Keyservers and Spam

Jill.Ramonsky at Aculab.com Jill.Ramonsky at Aculab.com
Tue Jun 10 11:54:09 EDT 2003


> -----Original Message-----
> From: David Honig 
> Sent: Monday, June 09, 2003 6:42 PM
> To: Jill.Ramonsky at Aculab.com; cryptography at metzdowd.com
> Subject: Re: Keyservers and Spam
>
> Why not publish your key under a bogus name that goes no-where? 

The answer is simple. I cannot publish a PGP under a false name, because if
I did, who would sign it to attest that the genuinely did belong to the
person to whom it claimed to belong? Would you?

If _anyone_ signed a key with a bogus name on it, and got found out, then
_their_ credibility as a key-signer would go down the plug-hole, which in
turn would mean that PGP users would decrease their trust in the key of the
signer, which in turn would mean that any OTHER key signed by that signer
would immediately become less trusted.

I, personally, would never sign a bogus key. If I ever did find someone who
was prepared to sign a bogus key (including one which was created by me),
then MY trust in THEM would immediately drop to zero. And what good to me is
a key which is signed by someone whose authentication credentials I don't
trust?

If we allow this, then the entire web-of-trust disintegrates.

There is a parallel thread in this list on paypal-spoofing. It demonstrates
what can happen if someone signs a bogus key. It demonstrates why no-one
with any REAL credibility would ever do such a thing. When you place your
signature on someone else's PGP-key, you are attesting that you, personally,
vouch for the authenticity of the key's claim of ownership. Now, I don't
have any problem with centralised-CAs signing as many bogus keys as they
like. It makes no difference to me because I don't trust them, and I don't
trust their certificates. But the web-of-trust is a different animal. The
web of trust is based on the idea that YOU decide whom you trust, and you
DON'T trust people who sign bogus keys.

So ... if you believe (as I do) that a PGP key is untrustworthy unless there
is a chain of signers reaching from you to it, matching the settings in your
PGP configuration file, then posting a bogus key becomes completely
pointless.

On the other hand ... if the key is NOT bogus, then it has my real name on
it, and the spam problem remains.

I have seen very little discussion of this point, anywhere. The few replies
I have had to my original question suggest that there simply _is_ no
solution, except live with it. Either don't publish your key (which means
that no-one can find your key even if they have a priori knowledge of your
email address), or do (and accept the price in spam). This seems to be the
reality of how it is. This being the case, I am now starting to wonder if it
might be time to invent a new PGP keyserver protocol which addresses this
issue. Keyservers could then start to implement the new protocol, and, in
time, the problem would be solved. Does this make sense? Is this reasonable?

Jill


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list