[Cryptography] OpenPGP and trust
stuartl at longlandclan.yi.org
Fri Mar 28 21:43:24 EDT 2014
I've been doing some more thinking (and not at 2AM when I'm ¾ asleep) so
hopefully my reasoning is a bit more sound. :-)
I'm looking at ways in which I can authenticate users, and the automatic
agents they might be responsible for, in a distributed manner. In
particular, I'm thinking of the amateur radio world but the situation is
applicable elsewhere too.
In Amateur Radio, encryption is more or less outlawed. In the US, it's
not allowed on air, end of story (I hear much vigorous discussion about
it on the digitalvoice mailing list). Here in Australia, it's allowed
for very specific circumstances, such as in emergency communications.
Regardless of your location, in most places it is frowned upon.
The information I'd be wanting to send isn't of a nature that requires
great confidentiality, so encryption in this case is pointless. (i.e. I
don't care that someone sees me tell a computer to "reboot", but I do
mind if someone tries rebooting my computer.) I do, however, want to be
able to identify users and authenticate them without opening them up to
the risk of impersonation.
Some of these services are accessible by both radio and the Internet, and
while the latter permits encryption, authentication on both is a real
Presently, there are a few means of authentication. One is call-sign
databases run by QRZ.com and other sites. Some of these cost money
(after all, they cost money to run) to query. Unfortunately at best they
can tell you that the callsign AB2CD is a valid call-sign and is owned by
"Joe Public" living in some part of the US.
Not a lot of help. It doesn't tell me that the IP address of 184.108.40.206
that just requested to log into my site is the legal owner of that call-
Some might be able to take a password the user supplied to you and check
that for validity. This is good over the Internet if you can retrieve
the password confidentially, but no use if encryption is unavailable.
Well, you can try it: but then hey, everyone else knows your password now!
OpenPGP does provide a means of me "vouching" for another user. Suppose
I wanted to set up a messaging service for my local emergency
communications group, Brisbane Area WICEN. We set up a computer and plug
it into a radio, mount that up on one of the towers we rent. (They've
got a couple around SE Queensland.)
The computer is in some comms room, not accessible to me directly, and
not connected to the Internet, but I want users to be able to
authenticate themselves over the clear-text link, so the computer can
differentiate them from some smart-arsed pirate with a $50 hand-held
radio off eBay and a radio-computer interface.
It'd also be useful from an administrative stand-point to be able to send
administration commands to that computer, have it perform instructions,
then get back to me. A bit like the `uux` command in UUCP. (And yes, I
know of "grunt" and do use it over UUCP/SSH already.)
In this example, if I got everyone to create OpenPGP sign-only RSA keys,
then at a meeting, we held a key-signing party. That would mean we'd
have a set of keys, wherein anyone's key in that group could identify
anyone else's. The messaging computer would also get its own OpenPGP
key. The computer would "sign" the administrators' keys, thus allowing
anyone whose key has been signed by an administrator to use that system.
All seems well.
The problem I'm grappling with right now is if I wanted to introduce a
second system with its own users and cross-authenticate.
As I understand it, there are 4 levels of trust:
- unknown: You wouldn't have a clue how good this person is at checking
- none: You know this person signs anything put under their nose, and so
you can't trust them to vouch for another's identity
- marginal: You trust them somewhat.
- full: they take identity and trust seriously.
The computer really has no means to check identity, so if anyone signs
its key, the trust should be considered 'none', i.e. the person signing
does not trust the computer to check identity (because it can't).
The computer could be set up so when a new user comes along, if it allows
"anonymous" access, it signs the new key with a trust of 'none' (after
checking it doesn't already have a key for that user) so that user may
As for users from another site, I guess the messaging computer from our
site could sign the other site's key with marginal trust, and that would
allow keys signed by the other site to log in here.
Now the flaw I think I can spot with this arrangement: suppose a fool of
a user were to "sign" the computer's key with absolute trust. Anyone who
had signed their key with marginal or absolute trust would now implicitly
trust any key that computer had signed. A big problem if that person had
an admin key.
I can revoke a signature, question is what stops someone from submitting
an old version of a key? Does OpenPGP merge trust updates coming from
Am I better to sign signatures to indicate identity, or would I be better
storing a fingerprint of their signature elsewhere and referring to that
to check authentication? Or do attributes like the mean-shortest-
distance serve well enough?
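Added example, not part of the post or of any OpenPGP implementation: a small Python model of the web-of-trust validity calculation the post reasons about. Key names and certifications are constructed; the thresholds are GnuPG's documented defaults (one fully trusted or three marginally trusted certifiers, certification depth 5), assumed here as the model's parameters. It shows that a key certified only by the messaging computer becomes valid in the admin's keyring exactly when that keyring assigns the computer's key full trust, and stays invalid under 'none' or a lone 'marginal'.

```python
# Minimal model of OpenPGP/GnuPG web-of-trust key validity (added example,
# not GnuPG's real trustdb logic). Owner-trust levels follow the post:
# 'unknown', 'none', 'marginal', 'full'. Thresholds below are GnuPG's
# defaults, assumed for this model.
from collections import defaultdict

MARGINALS_NEEDED = 3   # marginally trusted certifiers needed
COMPLETES_NEEDED = 1   # fully trusted certifiers needed
MAX_CERT_DEPTH = 5     # maximum certification chain length


def compute_valid_keys(certs, ownertrust, ultimate):
    """Return the set of keys the keyring owner would consider valid.

    certs:      iterable of (signer, signee) certification pairs
    ownertrust: {key: level} local trust settings; missing means 'unknown'
    ultimate:   the owner's own keys (always valid, counted as full trust)
    A certification only counts if the signer's key is itself valid.
    """
    signers_of = defaultdict(set)
    for signer, signee in certs:
        signers_of[signee].add(signer)
    valid = set(ultimate)
    for _ in range(MAX_CERT_DEPTH):
        newly_valid = set()
        for key, signers in signers_of.items():
            if key in valid:
                continue
            active = [s for s in signers if s in valid]
            full = sum(1 for s in active
                       if s in ultimate or ownertrust.get(s) == "full")
            marginal = sum(1 for s in active
                           if ownertrust.get(s) == "marginal")
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid.add(key)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid


# Constructed scenario from the post: the messaging computer certifies any
# key that registers with it, including one nobody at the club ever met.
CERTS = [
    ("admin", "computer"),     # admin certified the computer's key at setup
    ("admin", "alice"),        # met at the key-signing party
    ("computer", "alice"),     # computer certifies keys that register
    ("computer", "stranger"),  # anonymous registration, never vetted
]


def admin_view(computer_trust):
    """Validity as seen from the admin's keyring for a given trust setting."""
    return compute_valid_keys(CERTS, {"computer": computer_trust}, {"admin"})
```

Only the local ownertrust assigned to the computer's key changes the outcome for "stranger"; the certifications themselves are identical in every run.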