[Cryptography] keys, signatures, trust, identification, badges, et cetera

John Denker jsd at av8n.com
Wed Sep 10 16:27:48 EDT 2014


On 09/09/2014 09:09 AM, ianG wrote:

> Keysigning parties struggle to make meaning of the signature and of the
> key.  What does it mean when I sign your key?

Indeed!  That's the crucial question.

AFAICT the question is unanswerable within PGP's conceptual
framework, because the framework is too unsophisticated and
inflexible.

>  In some groups it means
> "I saw this person" and in others it means "this person's ID matched
> their key ID text fields."

Indeed!  AFAICT the whole idea behind the usual key-signing 
party is predicated on confusing the concepts of identification 
and trust ... which IMHO ought to be kept well separate.

On top of that, the PGP notion of "trust" is far too
simple to be useful.

In the real world, I sign /documents/ where the body of
the document spells out what my signature means in that
particular context.  On another document, my signature
might mean something else entirely.

You can use PGP to sign documents, which is fine ... 
but in contrast, the idea of a "keys signing keys" is 
inherently ridiculous.  There is no way to assign a 
reasonable semantics.

In the real world trust is highly multi-dimensional.  I
might trust you with one set of things but not another.

Possibly-constructive suggestion:  In the social-media
world we have /badges/.  The more formal name for 
such things is /credentials/.  A related concept 
is /certificates/, if we use the word in its broad 
vernacular sense, *not* limiting it to x509 certificates.
Examples include driver's licenses, teaching certificates, 
workplace ID badges, et cetera.

These serve to split the difference between the highly
detailed notion of a signed document and the highly
non-detailed notion of "trust" versus "non-trust" as
conceived by PGP.

For example, so-and-so might earn a Cryptography List
badge, which we define to mean that they are a known,
established contributor to this list.  It does *not*
mean that we have identified the person in any physical
sense;  the contributor could be a sock puppet controlled
by some unknown person ... or could be the proverbial
dog typing at the keyboard.  The badge -- securely
associated with a particular PGP public key -- serves 
only to indicate that a message comes from the same 
person (or dog) as last time.  This usefully solves a
/subset/ of the general identification problem, and
a /subset/ of the general trust problem.

In general, people rely far too much on credentials.
A credential is just a symbol.  Never confuse a symbol 
with the thing symbolized.  However, my main point 
remains:  For every problem that credentials have, 
the PGP "trust" model has the same problem only 
orders of magnitude worse.

All this is discussed in more detail, along with some
related issues, at
  https://www.av8n.com/security/trust-auth.htm

I have no idea how hard it would be to create a
PGP-like system that supports badges.


On 09/08/2014 07:05 PM, Tony Arcieri wrote:

> The main use case I'd like to see is sharing fingerprints (or keys)
> phone-to-phone. 

There's an app for that.

>  I recently went to a "keysigning party" (not expecting
> much) and left with a ton of paperwork to do, and I hate paperwork.

I have not carefully researched the issue, but the 
android app "APG" seems to work fine for that.  It can
put a QR-encoded fingerprint on the screen for others
to scan, and it can scan QR codes from others and 
interpret them correctly.  Details on this and other 
options are discussed at
  https://www.av8n.com/computer/htm/distributing-keys.htm



More information about the cryptography mailing list