Keyservers and Spam
John Kelsey
kelsey.j at ix.netcom.com
Fri Jun 13 11:47:03 EDT 2003
At 09:19 AM 6/11/03 +0100, Jill.Ramonsky at Aculab.com wrote:
...
>I observe that "confirmation" of the fingerprint by phone is worthless
>unless the recipient is able to recognise my voice. In the case of a
>stranger, that won't be the case.
It's not quite worthless, as it raises the cost of the attack quite a
bit. It's a lot more expensive to keep someone around 24/7 ready to spoof
a key fingerprint reading on an intercepted phone call than it is to
silently put the wrong key on a key server and automatically intercept and
replace e-mails. If you can't make your system impossible to break (alas,
you usually can't), you may as well at least make it an expensive and
unpleasant target.
It would be easy enough to specify a key server that only responded to
queries on precise e-mail addresses, which would make some sense (it's
reasonable to expect that you already know my e-mail address before we
start an encrypted conversation). I think that's much easier and cleaner
than monkeying around with the certificate information (e.g., by putting
"random_user (at) random_host (dot) org" or something into your
certificates.) As you stated, that ends up undermining one of the
assumptions of certificates and the web of trust. Also, it's nice to let
e-mail software have some hope of figuring out which key in the keyring
goes with which public key.
>Jill
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list