Keyservers and Spam

Bill Frantz frantz at pwpconsult.com
Tue Jun 17 18:35:11 EDT 2003


At 10:02 AM -0700 6/15/03, David Honig wrote:
>At 03:41 PM 6/13/03 -0700, Bill Frantz wrote:
>>
>>The HighFire project at Cryptorights
>><http://www.cryptorights.org/research/highfire/> is planning on building a
>>"web of trust" rooted in the NGOs who will be using the system.  Each NGO
>>will have a signing key.  An NGO will sign the keys of the people working
>>for it.  In this manner, we have a way of saying, "The John Jones who works
>>for Amnesty International".  An NGO may decide to sign another NGO's signing
>>key.  Now we have a way to say to someone in Amnesty, "Send a message to
>>Steve Smith in Médecins Sans Frontières."  The plan is to show the trust
>>relationship in the UI as a path of keys.
>>
>>I would appreciate your comments.
>
>Threat model: NGO_Alice is compromised and signs GESTAPO key, leading
>to NGO_Bob's demise.
>
>Possible counters:
>
>NGO_Alice's NGO key is a split key, so >1 person needs
>be rubber hosed.  I don't know if PGP supports this, I don't think so.
>
>Short key expirations, in the limit trusted for just 1 day.  Already
>possible, just document this.

I think, at least in the beginning, we will depend on having the NGO level
signing keys kept in parts of the world where strong-arm tactics are
unlikely and having written guidelines for their use.  I assume that
NGO_Alice won't sign NGO_Bob's signing key unless NGO_Alice has reason to
believe that NGO_Bob is following the guidelines.

I should note that we have a bunch of things to do, and getting something
out is more important than getting the best possible thing out.  We can
improve things later, once we have a structure to enhance.


>Also, how do you counter the GESTAPO from seeing queries to the
>key servers?   It might be enough to jail anyone making such an
>inquiry.  Possible solutions would include having the keyserver
>perform some innocuous function, and use SSL for all connections
>to it.  Also SSL proxying and stego of course.

We will probably have all communications with the key server go through one
of SSH/SSL/TLS/IPSec.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | "A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506         | like a Breadless Sand- | 16345 Englewood Ave.
frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA
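
The "path of keys" and the short-expiration counter discussed in this thread, as an added example that is not part of the original post and not HighFire code. The key names, dates and the `Sig` record are constructed assumptions, and certifications are modelled as plain records rather than verified OpenPGP signatures.

```python
from collections import deque
from datetime import date
from typing import NamedTuple

class Sig(NamedTuple):
    signer: str    # key that issued the certification
    subject: str   # key being certified
    expires: date  # last day the certification is honoured

# Constructed sample data: hypothetical key names, not real keys.
SIGS = [
    Sig("Amnesty-NGO", "John Jones", date(2003, 12, 31)),
    Sig("Amnesty-NGO", "MSF-NGO", date(2003, 6, 18)),  # short-lived cross-signature
    Sig("MSF-NGO", "Steve Smith", date(2003, 12, 31)),
]

def trust_path(sigs, root, target, today, max_hops=3):
    """Shortest chain of unexpired certifications from `root` (a key the
    user already trusts, e.g. their own NGO's signing key) to `target`.
    Returns the keys along the path, or None if no valid chain exists."""
    edges = {}
    for s in sigs:
        if s.expires >= today:  # expired certifications carry no trust
            edges.setdefault(s.signer, []).append(s.subject)
    queue = deque([[root]])
    seen = {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:  # bound how far trust is delegated
            continue
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def show(path):
    """Render the path the way a UI might display it."""
    return " -> ".join(path) if path else "no valid path"

if __name__ == "__main__":
    for day in (date(2003, 6, 17), date(2003, 6, 19)):
        print(day, show(trust_path(SIGS, "Amnesty-NGO", "Steve Smith", day)))
```

Once the cross-signature lapses, the path to the other NGO's members disappears until it is reissued, which is how a short expiration bounds the useful lifetime of a certification made under duress.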



---------------------------------------------------------------------
The Cryptography Mailing List