[Cryptography] OpenPGP and trust

Ralf Senderek crypto at senderek.ie
Sat Apr 5 16:42:44 EDT 2014 


On Sat, 5 Apr 2014 Stuart Longland wrote:

> In fact, I set up an OwnCloud instance for this group, and issued
> passwords to the group by email.  The service optionally accepts
> connections via TLS, and I encourage its use, but also allow clear-text
> as it uses a self-signed certificate and some of the users aren't
> terribly technical.

You can easily solve this problem by obtaining a certificate that verifies
in almost all browsers for a few bucks per year, don't consider to use
a self-signed cert and as a consequence open up unencrypted connections
to your OwnCloud server. Instead you should configure your internet access
as HTTPS only !


> The OwnCloud system has a messaging interface, and I'm considering ways
> I can make some of that content on OwnCloud accessible via a packet BBS,
> particularly the messaging system.

Another reason to serve this content exclusively via HTTPS. Your 
non-technical users won't have any issues if you get an "ordinary"
X509 certificate for your web server.


> I could have the users supply the password they use to log into OwnCloud
> over packet radio, but then they've just given away their log-in
> credentials over a clear-text link.

No. This may be as bad as using HTTP for logins.

>From this point we're talking about user ( not server ) authentication
and that means signed PGP keys, which are called certificates as well.

> Suppose I wanted to allow any radio amateur operator to access the BBS.

This is the wider group.

> Those who are in my emergency comms group authenticate with digital
> signatures, and thus get the ability to see and post messages to our
> group's specific message board, everyone else just sees the public
> boards.

In this core group you only have to throw a key signing party once and
make sure that the call-sign is in the name-part of the key, where the
email address is located under normal circumstances. You'll only need
name and call-sign in the key ID.


> I want to be able to prove that the person registering over the Internet
> is a licensed radio amateur.

> The thought is that: supposing myself and those around me all set up
> certificates, we can verify each-others certificates and produce
> signatures that basically say "I <whoever>, trust that this certificate
> belongs to <name>". PLUS CALL-SIGN

You'll do this with your signature under the core group member's PGP keys.

> So supposing with my certificate, indicating me as holding the call-sign
> VK4MSL, I meet up with another amateur Bob with the call VK4BOB.  We
> check each-other's details and then sign each-others keys.  I tell the
> computer running the BBS to trust any key I sign.

To extend this trust to keys that have been signed by Bob, there's two
things you have to ensure.
  a) people like BOB (core group) are bound to check the name/call-sign
     on every other key they sign with a proof of a valid license.
  b) your server needs to check the trust chain to allow a login.

You might restrict the trust chain to two hops as you might not be able to
ensure that Alice adheres to a) if she signs Carols key.

> Is it safe to use the presence of someone's trust signature in a key to
> indicate the person's membership in a group or is this better stored
> out-of-band?

The key signatures "certify" the name / call-sign connection nothing else.

       --ralf

More information about the cryptography mailing list