[lug] Public Key Signings

Neal McBurnett nealmcb at avaya.com
Fri Oct 13 08:22:34 MDT 2000


Once upon a time, Michael J. Pedersen <marvin at keepthetouch.org> wrote:
> On Wed, Oct 11, 2000 at 01:14:09PM -0600, Neal McBurnett wrote:
> > You've talked of a driver's license.  But that only verifies someone's
> > name.  For proper security, you should only sign an email address on a
> > key if you have verified the email address also.  People can claim any
> > email address they like on a key.  Suppose you were to sign my key
> > with an email address of <nealmcb at whitehouse.gov>.  Subsequently, when
> > you get email in which I forge that as the From: address (also trivial
> > to do), GPG would assure you that it was my signature, as verified by
> > you.  Then you (or other people that trust your signature) might
> > mistakenly conclude the email really was from someone at the
> > White House.
> 
> That's true. However, I'm not attempting to tie people to email
> addresses. I'm attempting to tie people to keys.
> 
> This might sound wrong, and insecure, but it's not. After all, with
> current code, you can edit your keys at any time to change your
> email address. I sign your public key, and then you change it to be
> the forged email address. It's still broken.

Thankfully, this is not how GPG or PGP works.  What you sign is the
binding of the id to the key, not just the key.  They can't change
that id without invalidating your signature.  If someone adds a new id
to their key, you are not listed as having signed that id.

So in this old PGP 2.6 example, Phil Karn asserts that he knew one
(old) email address for me, and Jeff Schiller asserts a different one:

Type bits/keyID    Date       User ID
pub   768/5736E0ED 1996/02/27 Neal McBurnett <nealmcb at bell-labs.com>
sig       955EC2C1             Phil Karn <karn at ka9q.ampr.org>
sig       5736E0ED             Neal McBurnett <nealmcb at bell-labs.com>
                              Neal McBurnett <neal at dr.att.com>
sig       961F4A35             Tatu Ylonen <ylo at ssh.fi>
sig       0DBF906D             Jeffrey I. Schiller <jis at mit.edu>
sig       52E3131D             Neal McBurnett <neal at dr.att.com>

If your signature means anything, it means that you believe
there is a binding between the id and the key, and if the id
has an email address or a comment, you should verify that also.

Thanks again,

Neal McBurnett <neal at bcn.boulder.co.us>  303-538-4852
Avaya Inc, the former Enterprise Networking Group of Lucent/Bell Labs
http://bcn.boulder.co.us/~neal/      (with GnuPG/PGP keys)
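The point made above, that a certification signs the binding of a user ID to a key rather than the key alone, can be seen in a small model. This is an added example, not code from the original post or from GnuPG. It lays out the hashed data the way RFC 4880 section 5.2.4 does (0x99, two-byte length, key body; then 0xB4, four-byte length, user ID bytes), but replaces the asymmetric signing primitive with an HMAC keyed by the certifier's secret, an assumption made so the code runs with the standard library only; the key bytes, secrets and addresses are constructed for the demonstration.

```python
"""Toy model of an OpenPGP certification (a "key signing"): the signature
covers key material AND user ID together, so the owner can neither edit a
certified ID nor carry the certification over to a newly added ID.

Assumption: signing is stood in for by HMAC with the certifier's secret,
so verification here also needs that secret (real OpenPGP verifies with the
certifier's public key). The hashed-data layout follows RFC 4880 5.2.4.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field


@dataclass
class Certification:
    signer: str   # certifier's name, standing in for a key ID
    mac: bytes    # stand-in signature value


@dataclass
class PublicKey:
    owner: str
    key_body: bytes                              # constructed key material
    uids: dict = field(default_factory=dict)     # user ID -> [Certification]


def binding_hash(key_body: bytes, uid: str) -> bytes:
    """Data an OpenPGP certification is computed over: the public key packet
    body and the user ID packet body, each behind its own length-prefixed
    header. Changing a single byte of either changes the hash."""
    key_part = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    uid_bytes = uid.encode()
    uid_part = b"\xb4" + struct.pack(">I", len(uid_bytes)) + uid_bytes
    return hashlib.sha256(key_part + uid_part).digest()


def certify(signer: str, secret: bytes, key: PublicKey, uid: str) -> None:
    """Certifier attests the uid<->key binding (after checking both out of band)."""
    if uid not in key.uids:
        raise ValueError("user ID is not on the key")
    mac = hmac.new(secret, binding_hash(key.key_body, uid), hashlib.sha256).digest()
    key.uids[uid].append(Certification(signer, mac))


def verify(secret: bytes, key: PublicKey, uid: str, cert: Certification) -> bool:
    """Does `cert` cover exactly this key and exactly this user ID?"""
    expected = hmac.new(secret, binding_hash(key.key_body, uid), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.mac)


def certified_uids(signer: str, secret: bytes, key: PublicKey) -> list:
    """User IDs on `key` that carry a valid certification from `signer`,
    the information a 'sig' line in a key listing conveys."""
    return [uid for uid, certs in key.uids.items()
            if any(c.signer == signer and verify(secret, key, uid, c)
                   for c in certs)]


def demo():
    # Constructed key, user IDs and certifier secret.
    old_uid = "Neal <neal@example.org>"
    new_uid = "Neal <neal@example.gov>"
    key = PublicKey("Neal", b"constructed-public-key-bytes")
    key.uids[old_uid] = []
    phil_secret = b"constructed-certifier-secret"
    certify("Phil", phil_secret, key, old_uid)

    # Owner adds a second ID: Phil's certification does not extend to it.
    key.uids[new_uid] = []
    # Owner tries to reuse the old certification over the edited ID text:
    # it fails, because the hash covered the ID bytes.
    reused = verify(phil_secret, key, new_uid, key.uids[old_uid][0])
    return certified_uids("Phil", phil_secret, key), reused


if __name__ == "__main__":
    print(demo())
```

Running it lists only the original ID as certified by Phil and reports that the certification does not verify over the edited ID, which is why a listing shows each certifier's 'sig' line under the specific user ID they checked.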
