Cyphernomicon Top
Cyphernomicon 7.9

PGP -- Pretty Good Privacy:
Keys, Key Signings, and Key Servers


    7.9.1. Web of trust vs. heierarchical key management
           - A key innovations of Phil Zimmermann was the use of a "web
              of trust" model for distributed trust in keys.
           - locality, users bear costs
           - by contrast, government estimates $1-2 B a year to run key
              certification agencies for a large fraction of the
              population
           - "PGP is about choice and constructing a web of trust that
              suits your needs. PGP supports a completely decentralized,
              personalized web of trust and also the most highly
              structured bureaucratic centralized scheme you could
              imagine. One problem with relying solely on a personalized
              web of trust is that it limitsyour universe of
              correspondents. We can't expect Phil Zimmermann and a few
              well-known others to sign everyone's key, and I would not
              want to limit my private correspondence to just those
              people I know and trust plus those people whose keys have
              been signed by someone I know and trust." [William
              Stallings, SLED key verification, alt.security.pgp, 1994-09-
              01]
    7.9.2. Practical approaches to signing the keys of others
           + sign keys of folks you know and wish to communicate with
             - face-to-face encounters ("Here  is my key.")
           + trust--to varying extents--the keys signed by others you
              know
             - web-of-trust
           - trust--to a lesser extent--the keys of people in key
              registries
    7.9.3. Key Servers
           + There are several major sites which appear to be stable
             + MIT PGP Public Key Server
               - via www.eff.org
             + Vesselin Bontchev at University of Hamburg operates a
                very stable one:
               - Ftp:    ftp.informatik.uni-hamburg.de
                  IP:     134.100.4.42
                  Dir:    /pub/virus/crypt/pgp/
                  File:   pubkring.pgp
                  E-Mail: pgp-public-keys@fbihh.informatik.uni-hamburg.de
             - pgpkeys.io.com
           + http://martigny.ai.mit.edu/~bal/pks-commands.html
             - This is a PGP keyserver in Zurich.   <Russell Whitaker, 7
                April 1994>
             -
    7.9.4. Use of PGP key fingerprints
           - "One of the better uses for key fingerprints is for
              inclusion in signature files and other places that a key
              itself is too bulky.  By widespread dissemination of the
              fingerprint, the chances of a bogus key being undetected
              are decreased, since there are more channels for the
              fingerprint to get to recipients, and more channels for the
              owner of a key to see any bogus fingerprints out on the
              net. [Bill Stewart, 1994-08-31]
    7.9.5. "How should address changes be handled? Do old keys have to
            be revoked?"
           - Future versions of PGP may handle better
           - One way is to issue .... "User-id revocation certificates
              are a *good* idea and the PGP key format allows for them -
              maybe one day PGP will do something about it." [Paul Allen,
              alt.security.pgp, 1994-07-01]
           - Persistent e-mail addresses is one approach. Some  people
              are using organization like the ACM to provide this (e.g.,
              Phil Zimmermann is prz@acm.org). Others are using remapping
              services.  For example, "I signed up with the SLED (Stable
              Large E-mail Database), which is a cross-referencing
              database for linking old, obsolete E-mail addresses with
              current ones over the course of time.... Anyone using this
              key will always be able to find me on the SLED by
              conducting a search with "blbrooks..." as the keyword. Thus
              my key and associated sigs always remain good....  If you
              are interested in the SLED, its address is
              sled@drebes.com." [Robert Brooks, alt.security.pgp, 1994-07-
              01]
    7.9.6. "How can I ensure that my keys have not been tampered with?"
           + Keep your private key secure
             + if on an unsecured machine, take steps to protect it
               - offlline storage (Perry Metzger loads his key(s) every
                  morning, and removes it when he leaves the machine)
             + memorize your PGP passphrase and don't write it down, at
                least not anywhere near where the private key is
                available
               - sealed envelopes with a lawyer, safe deposit boxes,
                  etc., are possibilities
               - given the near-impossibility of recovering one's files
                  if the passphrase is lost permanently, I recommend
                  storing it _someplace_, despite the slight loss in
                  security (this is a topic of debate...I personally feel
                  a lot more comfortable knowing my memory is backed up
                  somewhere)
           - Colin Plumb has noted that if someone has accesss to your
              personal keyring, they also probably have access to your
              PGP program and could make modifications to it *directly*.
           - Derek Atkins answered a similar question on sci.crypt:
              "Sure.  You can use PGP to verify your keyring, and using
              the web-of-trust, you can then have it verify your
              signatures all the keys that you signed, and recurse
              through your circle-of-friends.  To verify that your own
              key was not munged, you can sign something with your secret
              key and then try to verify it.  This will ensure that your
              public key wasn't munged." [Derek Atkins, sci.crypt, 1994-
              07-06]
    7.9.7. "Why are key revocations needed?"
           - Key revocation is the "ebb-of-trust"
           - "There are a number of real reasons.  Maybe you got coerced
              into signing the key, or you think that maybe the key was
              signed incorrectly, or maybe that person no longer uses
              that email address, because they lost the account, or that
              maybe you don't believe that the binding of key to userID
              is valid for any number of reasons." [Derek Atkins, 4-28-
              94]
    7.9.8. "Is-a-person" registries
           + There have been proposals that governments could and should
              create registries of "legal persons." This is known in the
              crypto community as "is-a-person" credentialling, and
              various papers (notably Fiat-Shamir) have dealt with issues
             - of spoofing by malicious governments
             - of the dangers of person-tracking
           + We need to be very careful here!
             - this could limit the spread of 'ad hoc crypto' (by which
                I mean the use of locally-generated keys for reasons
                other than personal use...digital cash, pseudonyms etc.)
             - any system which "issues" permission slips to allow keys
                to be generated is dangerous!
           + Could be an area that governments want to get into.
             - a la Fiat-Shamir "passport" issues (Murdoch, Libyan
                example)
           - I favor free markets--no limitations on which registries I
              can use
    7.9.9. Keyservers (this list is constantly changing, but most share
            keys, so all one needs is one). Send "help" message. For
            current information, follow alt.security.pgp.
           - about 6000 keys on the main keyservers, as of 1994-08.
           - pgp-public-keys@martigny.ai.mit.edu
           - pgp-public-keys@dsi.unimi.it
           - pgp-public-keys@kub.nl
           - pgp-public-keys@sw.oz.au
           - pgp-public-keys@kiae.su
           - pgp-public-keys@fbihh.informatick.uni-hamburg.de
           - and wasabi.io.com offers public keys by finger (I couldn't
              get it to work)
   7.9.10. "What are key fingerprints and why are they used?"
           - "Distributing the key fingerprint allows J. Random Human to
              correlate a key supplied via one method with that supplied
              via another. For example, now that I have the fingerprint
              for the Betsi key, I can verify whether any other alleged
              Betsi key I see is real or not.....It's a lot easier to
              read off & cross-check 32-character fingerprints than the
              entire key block, especially as signatures are added and
              the key block grows in size." [Paul Robichaux, 1994-08-29]
   7.9.11. Betsi
           - Bellcore
           - key signing
   7.9.12. on attacks on keyservers...
           + flooding attacks on the keyservers have started; this may
              be an attempt to have the keyservers shut down by using
              obscene, racist, sexist phrases as key names (Cypherpunks
              would not support shutting down a site for something so
              trivial as abusive, offensive language, but many others
              would.)
             - "It appears that some childish jerk has had a great time
                generating bogus PGP keys and uploading them to the
                public keyservers. Here are some of the keys I found on a
                keyserver:...[keys elided]..." [staalesc@ifi.uio.no,
                alt.security.pgp, 1994-09-05]
 

Next Page: 7.10 PGP Front Ends, Shells, and Tools
Previous Page: 7.8 How to Use PGP

By Tim May, see README

HTML by Jonathan Rochkind