Slashdot Mirror
PGP/GnuPG June Key Analysis
Drew Streib writes: "In the spirit of some work begun by Neal McBurnett a few years ago, there is a June report of keys from global keyservers. This report covers about 1.5 million keys, from a 1.7GB public binary keyring, focusing on keys that are nearest the center of the web of trust. Using a GnuPG key? This will tell you where you stand in the overall rankings, as well as signatures to look for. Not using one? Maybe you should be." This would be worth reading for the explanation of the analysis alone.
Don't you just wanna SHOOT those people!?!
- A.P.
--
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
As soon as someone integrates it into Mozilla! Mozilla does everything I need in a mailer right now except GPG/PGP support:
Good IMAP support (most stable I've seen)
SIMAP and SSMTP support
Graphical (hey, if I'm useing X, may as well use it)
Cross platform (can use it under Windows or Linux)
..while I'm at it, roaming profile support in mozilla would be nice too.
This is a fascinating bug, BTW. Discussion about NSA security policy, an NAI developer offering his time for the feature, and the effect the patch would have on the tree.
It's highly unlikely (based on the history and state of 0.92) that the patch will make it into the main build, but if you are brave and foolhardy you can try out the code yourself.
I put my ID fingerprint on my business card, then my key on the keyserver. If somebody who has my card wants my key, they download it and compare the fingerprints. If they don't have my card, they can call me and read out the fingerprint, or verify it through some other means that is more trustworthy than email.
Self-signatures also prevent third parties from adding another email address to my certificate and submitting it back to the server. If each email address on a certificate is self-signed, only the posessor of the private key could have added those IDs to the key.
The web of trust is one way of verifying that a key really belongs to a particular principal, but it is not the only way. Flexibility is one of the ways PGP wins over other public-key infrastructures (with PGP you are not forced to trust all the parties in the trust web. If you roll your own offline verification method, you don't even need to trust any of them.
-- veni vidi nuclei deceri --- I came, I saw, I dumped core.
Have you considered putting a sig on the end stating that it's digitally signed? .. maybe why it's a good thing. (I do that sometimes.)
===
Could anyone explain what the point of Public Key Servers is?
:)
/. /    |\/| |\/| |\/| / Run, Bill!
I wonder why this was mod'd as 'Funny'. It's a pretty good question.
It's not like 'centralizing' security responsibility as in 'Passport' services. It's a part of key-management/key-distribution in public-key encription system.
In layman's term, having a centralized public keys repository could help maintaining higher security comparing with requesting public key from an individual by email.
Say you'd like to send a confidential message to A, and you start by requesting A his public key; if an intruder is listening to your email, and learn from your initial public-key request mail that you are going to have a secure transfer, then the intruder might be able to impersonate A and send you a fake public-key.
That's more issues on it, just gave you a very simple exmaple....anyway I wish it helps.
 _
I'd rather use an algorythm that is pretty much proven by the cryptographic and mathematical community to be unbreakable than some new one that has yet to be proven (or, more importantly, disproven). Cryptography is not a science where newer=better.
The analysis misunderstands one of the most fundamental principles of the PGP trust model: trust is not transitive.
What this means is that if Alice trusts Bob to sign keys, and Bob trusts Carol, Alice does not automatically trust Carol. She may not even know Carol. Just because Bob trusts her, that doesn't necessarily mean that Alice should trust her.
After all, Alice is trusting Bob to accurately sign keys. She judges in her own mind how trustworthy and reliable he is at this task. How likely is he to screw up and sign a bogus key? These are the issues she considers.
To have transitive trust, she needs to make a much more careful evaluation of Bob. She must decide not just how good he is at mechanically verifying keys, but also how good a judge of character he is. If she were going to trust Carol just on his say-so, she would need to know that he is able to judge good key signers. This is a different type of skill than just being a good key signer. It is a people skill, not a technical one.
For these reasons and more, PGP does not use transitive trust. If Alice trusts Bob as a signer, and he signs Carol's key, Alice concludes that she has a good key for Carol, that is, a key that truly belongs to Carol and not someone else. But she does not conclude that Carol is a good signer. PGP software will not treat signatures Carol makes as valid.
Alice must make a decision in her own mind about whether Carol is a trusted signer. Only if Alice marks Carol's key as trusted will Carol's signatures then start being effective. In PGP, it is the end user who makes the decisions about trust.
Because PGP uses non-transitive trust, the metric in the dtype.org article is not very relevant. It doesn't matter if there is a chain of signatures from Alice to Zelda, because that will not make Zelda's key trusted. Alice (and every other end user) needs to decide for themselves which keys they will trust.
What, then, is the role of the "Web of Trust" in PGP? It works like this. In the example above, suppose Alice knew Carol and did in fact want to trust her. Well, to trust her she needs her key. But how does she know that she got the right key? This is where the web of trust comes in.
If she gets Carol's key from the key server and it is signed by Bob, whom Alice knows and trusts, she can conclude from this that she has Carol's true key. She can then mark this key as a "trusted introducer" (in PGP terminology) and at this point, signatures issued by Carol's keys are trusted by Alice.
The web of trust played a part, by helping Alice to know that she had a good key from Carol. She didn't have to call Carol up and verify fingerprints, she didn't even have to sign Carol's key. Bob's signature on Carol's key was enough to know that the key was correct.
Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed. She knows that these keys are correct as well, and possibly some of those key holders are people Alice will also trust as introducers. In this way the Web of Trust gets extended, but each person makes his or her own trust decisions.
I hope this clarifies how the Web of Trust works in actuality.
The public key is based on a number that is the product of two large primes. The private key is based on the primes.
When you attempt to decrypt the message you are in effect asserting "The public key was divisible by these two numbers." At that point it is easy to check, and say either "you are right, here's the plain text" or "nope, it isn't divisible by them." Thus GPG can tell when you put in the wrong key, since multiplying two numbers and comparing them to a third is easy. (Note again: this is a gross oversimplification to just nail down the point in question. There are a LOT of details beyond this.)
Notice that this does not mean that it is easy to "work out" the factors of the large number; the whole basis of this system is that it's easy to check an answer, but there are more potential answers than you could possible check (and a few other details, such as the fact that checking a subset does not provide any information about the unchecked values, etc.).
Hope that helps.
-- MarkusQ