[Cryptography] How to build trust in crypto

Bear bear at sonic.net
Tue Mar 18 14:18:22 EDT 2014 

On Mon, 2014-03-17 at 15:42 +0100, Ralf Senderek wrote:

> Bruce Schneier's new PGP key (EDACEA67) has only one signature, it's
> self-signed. If I found some meaningless comment or blog post signed 
> with EDACEA67 at myblogsite, I would not trust this pubkey to secure
> a meaningful, secure contact to Bruce. It is the context in which
> the key appears, Bruce's website, that induces trust even if he 
> deliberately abstains from using any kind of PKI.

Bruce's point there is "Trust is not Transitive."  It's a 
fundamental flaw in every business-oriented key infrastructure
so far enacted.  There is a problem in associating such keys 
with official identity, but they are not entirely useless in 
the absence of an automated universal way to do so.  First of 
all, when you meet Bruce at a conference, he'll hand you his 
card and it has that key printed on it.  You can trust that, 
including for business purposes, whether or not you got it 
automatically through some signing authority.

And even if you can't associate a key with an official identity,
it still isn't useless. When you get a message from the same 
key, you know (subject to theft or compromise of keys, etc) 
that it's from the same correspondent who last used that key.  
So there is a persistent identity there, whether or not you 
can tie it to an "official" identity.  You know at least that
a MITM isn't going to start impersonating that correspondent
halfway through your conversation, unless the MITM has been 
there from the very beginning.

These "pseudonymous" identities are not useful for business 
purposes because with business you need recourse to courts etc.  
They are not useful for exchange of secrets because you need 
to control exactly who secrets are exchanged with. (cf, 
definition of "secret" etc....)

But they are useful to journalists and scholars who are 
interested in information that can be supplied by people of 
indefinite identity.  They are also useful for people who 
know each other IRL and can handle establishing the 
correspondence of keys to identities for themselves - while 
wishing to avoid any publicly available association of 
these private keys with their "official" identities or 
with each other's keys.  For example, a sexual minority 
or dissident community might have people who don't want 
their keys associated with the community or each other in 
any public registry, but who know each other IRL and do 
want a private way to exchange social correspondence. 

Likewise they are useful in "pseudonymous" social 
interaction - on a private chat channel it might be 
that no one knows who "Guadalupe De Loop" or "Captain
Kitty" are in terms of official identity, but it's 
still meaningful to the community that no one else 
can pretend to be them. 

So anyway, it isn't quite right to claim that keys are
entirely useless in the absence of an infrastructure to
automatically establish correspondence to official 
identities.

It's my opinion that we haven't yet even attempted to 
just put a reasonable UI on people entering keys that 
they've discovered in the real world (from business 
cards, etc) into their system and thereafter using them.

			Bear

More information about the cryptography mailing list