[Cryptography] How to build trust in crypto
Bear
bear at sonic.net
Tue Mar 18 14:18:22 EDT 2014
On Mon, 2014-03-17 at 15:42 +0100, Ralf Senderek wrote:

> Bruce Schneier's new PGP key (EDACEA67) has only one signature, it's
> self-signed. If I found some meaningless comment or blog post signed
> with EDACEA67 at myblogsite, I would not trust this pubkey to secure
> a meaningful, secure contact to Bruce. It is the context in which
> the key appears, Bruce's website, that induces trust even if he
> deliberately abstains from using any kind of PKI.

Bruce's point there is "Trust is not Transitive." It's a
fundamental flaw in every business-oriented key infrastructure
so far enacted. There is a problem in associating such keys
with official identity, but they are not entirely useless in
the absence of an automated universal way to do so. First of
all, when you meet Bruce at a conference, he'll hand you his
card and it has that key printed on it. You can trust that,
including for business purposes, whether or not you got it
automatically through some signing authority.

And even if you can't associate a key with an official identity,
it still isn't useless. When you get a message from the same
key, you know (subject to theft or compromise of keys, etc.)
that it's from the same correspondent who last used that key.
So there is a persistent identity there, whether or not you
can tie it to an "official" identity. You know at least that
a MITM isn't going to start impersonating that correspondent
halfway through your conversation, unless the MITM has been
there from the very beginning.

These "pseudonymous" identities are not useful for business
purposes because with business you need recourse to courts etc.
They are not useful for exchange of secrets because you need
to control exactly who secrets are exchanged with. (cf.
definition of "secret", etc.)

But they are useful to journalists and scholars who are
interested in information that can be supplied by people of
indefinite identity. They are also useful for people who
know each other IRL and can handle establishing the
correspondence of keys to identities for themselves - while
wishing to avoid any publicly available association of
these private keys with their "official" identities or
with each other's keys. For example, a sexual minority
or dissident community might have people who don't want
their keys associated with the community or each other in
any public registry, but who know each other IRL and do
want a private way to exchange social correspondence.

Likewise they are useful in "pseudonymous" social
interaction - on a private chat channel it might be
that no one knows who "Guadalupe De Loop" or "Captain
Kitty" are in terms of official identity, but it's
still meaningful to the community that no one else
can pretend to be them.

So anyway, it isn't quite right to claim that keys are
entirely useless in the absence of an infrastructure to
automatically establish correspondence to official
identities.

It's my opinion that we haven't yet even attempted to
just put a reasonable UI on people entering keys that
they've discovered in the real world (from business
cards, etc.) into their system and thereafter using them.

Bear
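The key-continuity argument above (same key means same correspondent, and a MITM has to be there from the very beginning) as an added Go example; this is not code from the post or from the list, and the nickname, sample message and short fingerprint format are constructed for illustration:

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the outcome of checking one signed message against the store.
type Verdict int
const (
	FirstUse  Verdict = iota // nick never seen before: its key is pinned now
	SameKey                  // signed by the key already pinned for this nick
	KeyChange                // valid signature, but from a different key: investigate
	BadSig                   // signature does not verify under the offered key
)

// Fingerprint is a short digest of a key, like one printed on a business card.
func Fingerprint(pub ed25519.PublicKey) string { h := sha256.Sum256(pub); return hex.EncodeToString(h[:8]) }

// Store pins, per pseudonym, the first public key it saw (trust on first use).
// Caveat from the post: a MITM present from the very first message is the
// party that gets pinned, and everything it sends afterwards reads as SameKey.
type Store struct{ pins map[string]ed25519.PublicKey }

func NewStore() *Store { return &Store{pins: map[string]ed25519.PublicKey{}} }

// Check verifies sig over msg under pub, then compares pub with the pinned key.
func (s *Store) Check(nick string, pub ed25519.PublicKey, msg, sig []byte) (Verdict, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return BadSig, fmt.Errorf("%s: signature does not verify", nick)
	}
	pinned, ok := s.pins[nick]
	if !ok {
		s.pins[nick] = pub
		return FirstUse, nil
	}
	if !pinned.Equal(pub) {
		return KeyChange, fmt.Errorf("%s: pinned %s, offered %s", nick, Fingerprint(pinned), Fingerprint(pub))
	}
	return SameKey, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample identity
	s, msg := NewStore(), []byte("hello from Captain Kitty")
	v, err := s.Check("Captain Kitty", pub, msg, ed25519.Sign(priv, msg))
	fmt.Println(v == FirstUse, err) // true <nil>
}
```

A KeyChange verdict is the point to stop and compare fingerprints out of band, for instance against the card handed over in person.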