Slashdot Mirror


Ask Slashdot: Is There a PGP Key Repository?

Martin Foster asks this question: "I noticed that a lot of sites, such as Sendmail.org, Kernel.Org et cetera, sign all their downloads with a PGP Signature. While this is useful, getting a copy of this key can be a bit more difficult than it looks. For example, I have yet to be able to retrieve the key from Red Hat's page. I had to look through the PGP Keyserver and guess which one was the correct one. Is there a site on the net that just stores such keys, making it a central place to get any key needed to verify if a file is really as it seems?" A centralized, trustworthy place for downloading public keys seems to be a good idea. What do you all think?

68 comments

  1. PGP stinks... by Anonymous Coward · · Score: 0

    Sure, the encryption is nice, but the system overall is a pain in the ass to use and maintain.

    That's why a nice managed PKI is better. You can be a member of the PKI of your choice, and the PKIs can be cross-certified, meaning instant trust between PKIs. Sweet. And transparent to the end user.

    Some day we won't need to worry about mucking around with keys manually.

    1. Re: PGP stinks... by Anonymous Coward · · Score: 0

      What happens when one of the folks in your keyring changes keys? What happens when you change keys? Is it all 100% transparent to you?

      What happens if you forget your password? What happens if your keys or password are compromised?

    2. Re: PGP stinks... by Brainless · · Score: 1

      There are many plugins that come with PGP to make it automatic. Microsoft Outlook, Eudora and most of the major email programs (and possibly Netscape) use PGP plugins to recognize if you are sending information to a user who is in your keyring. If they are, it will encrypt the message and send it on its way. Except for a click of an OK button...everything is automated and you don't have to do a thing.

  2. Keyservers by Anonymous Coward · · Score: 0

    The keyservers already provide a pretty good repository for obtaining keys (always provided, of course, that people think to upload them). The real problem seems to be knowing *WHICH* key to download from the server to verify a given signature. I recently ran into the same problem with the KDE distribution (RH 5.2 RPM's, if that makes a difference). I still haven't found the right key...

    Perhaps a good solution would be a convention for telling us what key we need to get from the keyserver -- say, post the key's ID and fingerprint on your main web page or main download page?

  3. hkp://keys.pgp.com/yourlogin@yourdomain.xxx by Anonymous Coward · · Score: 0

    Good Lord, if you had read your documentation you would know this is already available! And for those of you who don't think PGP is popular, think again. MANY people use it.

  4. Linux people should all sign each other's keys by Anonymous Coward · · Score: 0

    Linus, Alan, Red Hat, VA Research, Debian developers, should all sign each other's keys. Maybe we should set up a virtual trust hierarchy with Linus at the root.

  5. one repository is not enough by Anonymous Coward · · Score: 0

    What happens if you can't connect to the keyserver? (either because it's down or there's a network problem somewhere)

    What happens if the keyserver becomes compromised, and the admins don't notice it right away?

    It seems there should be several official keyservers that DON'T mirror each other. Yes, this means developers would have to upload their key to each site, and everyone else would have to check all the sites before they're able to trust a certain key.

  6. one repository is not enough by Anonymous Coward · · Score: 0

    While the repository should be mirrored I think that with the way PGP is designed you would download the key to your HD. PGP would still be able to function with the key server down, but would be unable to retrieve any new keys.

  7. How clueless can you get ? by Anonymous Coward · · Score: 0

    The problem is that a lot of public keys are not signed by anyone but the author himself.

  8. what do you do with em? by Anonymous Coward · · Score: 0

    The key is used to verify that nobody has fiddled with the tarball you downloaded. If you trust the download, or don't care, you don't need the key.

  9. Key Repository by Anonymous Coward · · Score: 0

    There are public keyservers, sure, but several of us at Northern Virginia LUG and DC-LUG are in the process of setting up a PKI using PGP keys. In essence, we will have key managers who get keys from various developers and place them on a keyserver. Access to add keys is limited, but it will be open to download keys. Once we have it up and running, hopefully other LUGs will take the cue and we will build a worldwide web of trust.

  10. Linux people should all sign each other's keys by Anonymous Coward · · Score: 0

    Yes. All hail emperor Linus and his new found power over the world.. Linus may bestow upon a software firm the blessing of his signature that it may pass unto the net securely. Surely without his appraisal it cannot be good...

    (etc)

  11. Don't Centralize by Anonymous Coward · · Score: 0

    It seems to me that the best idea would be to have a number of key repositories. If you wanted to verify someone's key, you'd have to check a certain number of them, and only trust the key if they all agreed. This would mean that someone would have to subvert a high percentage of the repositories in order to compromise the system. Of course, it would also require that you register your key at several different places, but this cost is comparatively minimal. Besides, you could easily automate most of the process.

    - si1k
    si1k@canada.com
    http://www.coolsig.com <- not mine, but a goody!
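The cross-checking that post 11 describes, combined with post 2's suggestion that authors publish the key ID and fingerprint on their own web page, as an added example that is not code from the thread or from any keyserver project. The key material, repository names and timestamp are constructed; the fingerprint and key ID are computed the way RFC 4880 defines them for version 4 keys, and the quorum check also covers post 5's case of a repository being unreachable.

```python
"""Cross-check one public key fetched from several repositories against the
fingerprint its owner published out of band, and accept it only when every
reachable copy agrees. Added example; not code from the original thread.
"""
import hashlib
import struct

# Constructed sample key material (not a real key): an RSA-looking modulus,
# the usual public exponent, and a 1999 creation timestamp.
SAMPLE_CREATED = 919468800
SAMPLE_N = int(
    "c7f3a0b5e9d1467823aa55ffe3b7c1d90246810fedcba9876543210fedcba98"
    "76543210abcdef0123456789abcdef0123456789abcdef0123456789abcdef01", 16)
SAMPLE_E = 65537


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 3.2)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 5.5.2): version,
    creation time, algorithm id 1 (RSA), then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-octet body length, and the body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The long key ID is the low-order 64 bits, i.e. the last 16 hex digits."""
    return fingerprint[-16:]


def check_quorum(copies: dict, published: str, minimum_copies: int = 2):
    """Decide whether to import a key.

    copies: repository name -> public-key packet body, or None when that
            repository could not be reached.
    published: the fingerprint the author put on their web page; the usual
               space-grouped form is accepted.
    Returns (accepted, reason, {repository: fingerprint seen there}).
    """
    seen = {name: v4_fingerprint(body)
            for name, body in copies.items() if body is not None}
    if len(seen) < minimum_copies:
        return False, "too few repositories reachable", seen
    if len(set(seen.values())) != 1:
        return False, "repositories disagree on the key", seen
    fp = next(iter(seen.values()))
    if fp != published.replace(" ", "").upper():
        return False, "key does not match the published fingerprint", seen
    return True, "ok", seen


def demo():
    """Three constructed scenarios: agreement, one altered copy, one outage."""
    genuine = v4_public_key_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E)
    tampered = v4_public_key_body(SAMPLE_CREATED, SAMPLE_N + 2, SAMPLE_E)
    published = v4_fingerprint(genuine)   # what the author's web page would show
    return {
        "agree": check_quorum({"keys.a.example": genuine, "keys.b.example": genuine}, published),
        "disagree": check_quorum({"keys.a.example": genuine, "keys.b.example": tampered}, published),
        "outage": check_quorum({"keys.a.example": genuine, "keys.b.example": None}, published),
    }


if __name__ == "__main__":
    for case, (ok, reason, fps) in demo().items():
        print(f"{case:9s} accepted={ok} ({reason})")
        for repo, fp in fps.items():
            print(f"    {repo}: {fp} (key ID {key_id(fp)})")
```

Comparing fingerprints rather than whole key blobs is deliberate: two copies of the same key can legitimately differ in the user IDs and third-party signatures attached to them, but the fingerprint covers only the public-key packet, so it is stable across repositories and matches what an author can print on a web page or business card.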

  12. GNU Privacy Guard by Anonymous Coward · · Score: 0

    does anyone use this? opinions?

  13. GNUpgp!! by Anonymous Coward · · Score: 0

    I guess that PGP is by *far* the most popular type of public key cryptology system. Given its development by NAI (a company I don't trust for various reasons) and the way it has been developed (version 5 stuff is whack and hard to integrate with mail systems) there is a place for other systems. GNUpgp seems the most popular - I believe Debian uses it now.

    blah

  14. GNU Privacy Guard by Anonymous Coward · · Score: 0

    I use it. It's much better than PGP. If you
    value freedom, use GPG instead of the corporate-
    controlled PGP. PGP has been bought and sold.
    GPG is the choice of the GNU generation.

    Anon.

  15. Not Ready For Prime Time by Anonymous Coward · · Score: 0

    It's not ready, IMO.

    I use PGP. And I would dearly love to be able to
    stop using it. But GnuPG simply isn't mature
    enough yet. Too many things broken. Too many
    things break on new releases. It won't even
    build and run on some 'nix systems. And (tho I
    couldn't care less, but it matters) it presently
    does not build on anything *but* 'nix systems.
    (A Ms-Win32 [?] port was done once, but it's not
    current.)

  16. WANTED: Nothing less than Signed Software by Anonymous Coward · · Score: 0

    Should software authors be required to sign their software and patches as a condition of acceptance onto FTP sites? Signing your software is a vital protection against malicious modifications by third parties and is less onerous than writing it. For those unfamiliar with the signing process, there is an excellent HOWTO document describing the process.

    Surely contributors to the FSF should set an example and insist on software signing? Unfortunately, despite the risks of unsigned software, eloquently explained at Linux World, most of the software available by FTP around the world has not been signed. For example, on the alpha GNU it appears that none of the software is signed. Major FTP sites like SunSITE and XFree86 have mostly unsigned software.

  17. Unfortunately... by Anonymous Coward · · Score: 0

    > Surely contributors to the FSF should set an example and insist on software signing?

    Unfortunately, PGP's got a "virus" that's worse than the "GNU
    virus". (Specifically: "RSAREF") If you read the license, you will
    find that "free" versions of PGP may *not* be used in a commercial
    context. I would imagine that the restrictive RSAREF license would
    preclude PGP's use by GNU-ites. Note that this means that you may
    not *legally* use PGP in a commercial environment even just to check
    signed objects! (Which makes NAI's PGP signing of security
    announcements rather ironic--considering that they don't even have
    commercial versions available for anything but Windoze and Mac
    boxes. Wonder how they expect the rest of us to validate their
    announcements? Twits.)

    Once GnuPG become viable, you will have a point. Or when the RSAREF
    patent runs out on Sep. 20, 2000 :-).

  18. PGP Keyservers by Anonymous Coward · · Score: 0

    RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM. RTFM.

  19. Never used it by Anonymous Coward · · Score: 0

    SSN? Driver's license #? Credit Card #? Password to a system you want to send to someone but want it protected?

    Bad examples. SSNs are public record, as are DL numbers (and in some states, they are the same number!) Credit card numbers, while not quite public record, are easy to get. There are far more vulnerable places that they are stored than anything electronic. And most people log into machines using telnet, so why bother to keep the password secure, when the same person pulling it out of your email could have just pulled it off the wire.

  20. BESTS by Anonymous Coward · · Score: 0

    Then the FSF should do it. They are the only trustworthy organization that has ever existed.

  21. Is PGP really popular? by Anonymous Coward · · Score: 0

    In my opinion all people writing free software should use gpg if they want people purchasing the software to be able to check your sig. The free pgp licence is against the use of PGP in money changing transactions, meaning any time money changes hands and PGP is used,...you must purchase the licence. This is fair enough but it does pose problems when people want to check your sig but don't have the $$, or for whatever reason don't want to buy the licence.

    Also, FreePGP can't be used by any government agency, or university or college I believe. I for one would prefer that they have something they can use for free so I will be using gpg instead.

    Course there is also the problem where pgp can't check gpg sigs, but gpg can check pgp sigs. I guess it just depends on your target which is best for you to use. But keep in mind that legally you can't use PGP to check your RedHat CD without buying the PGP commercial licence....and unless they bought it, they are breaking the law signing it with pgp.

  22. My key fingerprint is on my business card by Anonymous Coward · · Score: 0

    PGP is popular with people who like to have an open secure channel. My key is out there. You can verify that it's not fake by looking at the fingerprint on the card I handed you. You can communicate with me with complete confidence that the person on the other end is really me, and nobody but me. And vice versa. It's a Killer App.

  23. PGP Keyservers by Anonymous Coward · · Score: 0

    Do you mean that if I use PGP I should read the manual?

  24. We have one (read the man pages) by cduffy · · Score: 1

    And PGP is widely used.

  25. That's done automatically. by cduffy · · Score: 1

    PGP does that.

    The problem isn't, btw, w/ folks randomly signing others' keys -- as long as they verified that the key really does belong to the person it's supposed to. I verify the fingerprints by phone; As long as people follow such precautions, there's no problem w/ signing as many keys as one likes.

  26. Apparently not by cduffy · · Score: 1

    .

  27. I use it by gavinhall · · Score: 0

    Posted by Art Pepper:

    I use it.

  28. RTFM by gavinhall · · Score: 1

    Posted by FascDot Killed My Previous Use:

    Here's the URL http://www.nai.com/products/security/public_keys/pub_key_default.asp

    But I have to wonder how you managed to install/use PGP without reading the instructions enough to know about the site.

  29. hkp://keys.pgp.com/yourlogin@yourdomain.xxx by gavinhall · · Score: 1

    Posted by FascDot Killed My Previous Use:

    Read the docs that came with your software.

  30. PGP Servers by gavinhall · · Score: 1

    Posted by InControl:

    There are two central pgp key servers. The first is ldap://certserver.pgp.com. The second is http://pgpkeys.mit.edu:11371. Either of these can be set to be automatically accessed by PGP6+ programs when an unknown key is found.
    There is a web interface to request a key as well, http://www.nai.com/products/security/public_keys/lookup_key.asp

  31. Linux people should all sign each other's keys by Paul+Crowley · · Score: 1

    Perhaps you should gain an understanding of what these signatures mean before posting such comments. Cheers,
    --

  32. PGP key repository == GREAT IDEAR! by Wisdom+Seeker · · Score: 1


    This is what we need if PGP has to become more widely used!!!

    --
    .oOo. Don't underestimate the power of Linux .oOo.
  33. what about horowitz.surfnet.nl? by Spectre · · Score: 1

    There are plenty of sites that you can get public keys from. Of course, if you are going to place much trust in the key you still need to verify the key's fingerprint with the owner.

    I'm pretty sure nai runs a HKP (Horowitz Key Protocol) site as well as the silly web interface to get keys . . .

    Why would we need more servers?

    --
    "Flame away, I wear asbestos underwear"
  34. one repository is not enough - use pgp.net ... by Piete · · Score: 1

    pgp.net was set up for just this sort of thing.
    See pgp.net for background info and a list of mirror sites (or lookup the TXT RR for www.pgp.net for mirrors -- see wwwkeys.pgp.net for WWW access to the distributed key servers).
    Note that none of the keys are in any way checked -- it is up to *YOU* to check the signatures, etc.

    On the other hand, "The Global Trust Register" does impart a warm glow ...

  35. Key Management is a complicated issue by Ray+Dassen · · Score: 1
    AOL on that.

    Unfortunately, too many signing keys for software distribution rely on massive key redistribution, instead of using the web of trust.

  36. Is PGP really popular? by chirayu · · Score: 1

    I wonder...

    What do your fellas think?

    CP

  37. Key Management is a complicated issue by rdl · · Score: 1

    One should really split this into two issues:
    * "certification" -- individuals and organizations
    should certify the PGP public keys of software
    authors based on various criteria; I sign people
    I know, others might sign people who they're
    willing to vouch for as good people, etc.

    * "distribution" -- getting people to upload
    their keys to a keyserver or other repository.
    This does *not* require any trust. One could
    run a slashdot key server, or use the existing
    key server infrastructure.


    Do not merge the functionality! Otherwise you'll
    end up with x.509. CAs, and all the attendant
    crap. PGP uses the web of trust for a reason.

  38. One more choice: sign code or sign keys? by rdl · · Score: 1

    So, once one separates key distribution from
    trust relationships, another interesting question
    comes up:

    Should I, as a user, sign the key of, say,
    Ben Laurie (apache-ssl, openssl guy), saying I
    know him (I'd say yes), and that he's generally
    a good guy?

    Or, is it more important that I sign the *code*
    also, saying I've reviewed it and it seems
    reasonable?

    I think people should do both -- I'd be far
    happier if there were signatures from everyone
    who seriously looked at the code for security
    purposes on the code they reviewed, rather than
    just on someone's key.

    These are really two separate problems, but both
    need to be solved.

    At MIT, Lenny Foner and others were working on
    a system to allow people to individually sign/audit small subsections of a large security
    program. This seems more reasonable than
    a system where people have to look at all the code, or sign none of it. As long as design
    is sufficiently encapsulated (ideal from a
    security perspective, but not always possible),
    it should be possible to review only a single module. A build system could then be constructed
    to require a threshold number of signatures from
    a set of people you trust, but not necessarily
    the same individuals reviewing the whole program.

    This is really the next step in cryptographic
    signatures -- "signature management" to go along
    with trust management. To do it, one would need
    a patched build system, and potentially also
    a standard for signatures and keys to include
    *why* they are being signed, not just that there
    is a valid cryptographic signature. I could
    sign an Anonymous Coward's code to assert I believe it is secure without knowing the identity
    of the Anonymous Coward. *This* is the main
    advantage of a decentralized freeform system like
    PGP (yay openpgp! yay gnupg!) over a rigidly
    enforced corporate hierarchy like x.509.

    Debian has gone far beyond most corporations in
    its use of PGP tools to verify developers (I think
    Red Hat has as well). This is the next step...

    1024D/4096g 0xD2E0301F Ryan Lackey
    B8B8 3D95 F940 9760 C64B DE90 07AD B307 D2E0 301F
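The build policy sketched in post 38, as an added example that is not code from the thread, from Debian, or from any build system. Each review signature is bound to the module's current digest and carries a stated purpose (the "why" the post asks for); the build accepts a module only when a threshold of distinct reviewers from a trusted set have signed exactly those contents for that purpose. The reviewer names, secrets and module text are constructed, and HMAC-SHA256 with a per-reviewer secret stands in for an OpenPGP detached signature so the example runs on the standard library alone; the policy logic does not depend on which signature scheme supplies verify().

```python
"""A build step requiring a threshold of review signatures per module.
Added example; not the thread's or any project's code.
"""
import hashlib
import hmac
import json

PURPOSE = "security-review"   # the *why* carried inside every signature

# Constructed data; names are hypothetical. HMAC secrets stand in for the
# reviewers' private keys so the example needs no OpenPGP implementation.
TRUSTED_REVIEWERS = {"alice": b"alice-secret", "bob": b"bob-secret", "carol": b"carol-secret"}
MALLORY_SECRET = b"mallory-secret"      # a signer who is not in the trusted set
MODULE_V1 = b"int ssl_verify_peer(SSL *s) { return check_chain(s); }\n"
MODULE_V2 = b"int ssl_verify_peer(SSL *s) { return 1; }\n"   # edited after review


def module_digest(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


def statement(module: str, digest: str, purpose: str) -> bytes:
    """Canonical bytes that get signed: module name, its digest, the purpose."""
    fields = {"module": module, "digest": digest, "purpose": purpose}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(secret: bytes, module: str, contents: bytes, purpose: str = PURPOSE) -> dict:
    """A reviewer signs the current contents of one module for a stated purpose."""
    digest = module_digest(contents)
    mac = hmac.new(secret, statement(module, digest, purpose), "sha256").hexdigest()
    return {"module": module, "digest": digest, "purpose": purpose, "mac": mac}


def verify(secret: bytes, sig: dict) -> bool:
    expected = hmac.new(secret, statement(sig["module"], sig["digest"], sig["purpose"]),
                        "sha256").hexdigest()
    return hmac.compare_digest(expected, sig["mac"])


def approved(module: str, contents: bytes, signatures, trusted: dict, threshold: int,
             purpose: str = PURPOSE):
    """Accept the module only if `threshold` distinct trusted reviewers signed
    exactly these contents for this purpose. Returns (ok, reviewers counted)."""
    current = module_digest(contents)
    counted = set()
    for signer, sig in signatures:
        if signer not in trusted:                   # outside the trusted set
            continue
        if (sig["module"], sig["digest"], sig["purpose"]) != (module, current, purpose):
            continue                                # stale, wrong module or wrong purpose
        if verify(trusted[signer], sig):            # a bad signature is simply not counted
            counted.add(signer)                     # a set, so one reviewer counts once
    return len(counted) >= threshold, sorted(counted)


def demo():
    module = "ssl_engine.c"
    reviewed = [(name, sign(TRUSTED_REVIEWERS[name], module, MODULE_V1))
                for name in ("alice", "bob")]
    outsider = [("mallory", sign(MALLORY_SECRET, module, MODULE_V1))] * 2
    style_only = [("bob", sign(TRUSTED_REVIEWERS["bob"], module, MODULE_V1, purpose="style"))]
    return {
        "two trusted reviewers": approved(module, MODULE_V1, reviewed, TRUSTED_REVIEWERS, 2),
        "module edited after review": approved(module, MODULE_V2, reviewed, TRUSTED_REVIEWERS, 2),
        "untrusted signer, twice": approved(module, MODULE_V1, outsider + reviewed[:1], TRUSTED_REVIEWERS, 2),
        "same reviewer twice": approved(module, MODULE_V1, reviewed[:1] * 2, TRUSTED_REVIEWERS, 2),
        "wrong purpose": approved(module, MODULE_V1, reviewed[:1] + style_only, TRUSTED_REVIEWERS, 2),
    }


if __name__ == "__main__":
    for case, (ok, who) in demo().items():
        print(f"{case:28s} approved={ok} counted={who}")
```

Binding the signature to the digest is what makes the scheme useful for the partial-review idea: the moment a module changes, every signature on it is stale and the threshold has to be met again, while untouched modules keep their approvals.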

  39. GNU Privacy Guard by rdl · · Score: 1

    I use GnuPG on a daily (exclusive) basis.
    It certainly has some reliability issues
    sometimes, far more than PGP, Inc.'s product.
    I've only had the system break during upgrades,
    and once it works it works quite well. The bugs
    are all very apparent to the user, like the thing
    just refusing to sign or use a key, rather than
    things which could open security holes.

    Overall, I'd be more comfortable using GnuPG,
    since I can easily audit the source (it's smaller
    and easier to understand), support the GPL,
    and tell people worldwide to use the same
    product, than using a PGP, Inc. product.

    Being a little bit on the edge to push a good
    thing like a GPL'd OpenPGP implementation is
    worth a bit of sacrifice, too.

  40. Keyservers by Martin+Foster · · Score: 1

    This is what I was trying to stress. Have a central repository maintained by Redhat, where only corporations and/or organizations could put their public distribution keys. A nice central place to get all the keys you could want, while not having to sift through a large amount of keys and having to guess.

    But apparently everyone seems to believe that I can't read a manual. Go figure.

  41. How clueless can you get ? by Martin+Foster · · Score: 1

    I fully agree with you that PGP is based on trust. But on RedHat's official page I have never been able to get their signature to be read correctly by PGP.

    So, I look at the key repository and find multiple keys (This can apply for most corporations or large organizations)... Which do I choose? They almost all look the same, and when I find one that matches, I notice subtle differences, probably based on the key not being updated.

    What I was thinking of was a Central Repository maintained by let's say RedHat, who carry only the most recent and used distribution keys. Hit one site, get what you need and leave. That's what I was implying, since it saves you from having to sift through identical keys and make guesses.

  42. What I believe the original post was trying to say by Martin+Foster · · Score: 1

    Nice to see someone managed to get that right. I was not trying to make a complete fool of myself by asking this. I have PGP at home and use it, and sure I trust those who send me their keys.

    But I hate sifting through endless keys on the main keyservers in order to get a key I need. Specially when there are ambiguous names.

  43. Key Repository by Martin+Foster · · Score: 1

    This is exactly what I was looking for. A place where I can get all the needed keys. It's not that I do not trust RedHat, just that I have never been able to get their signature to load up into my keyrings (states that no key exists). So getting it off a site that has it would be an asset... Especially if I can get keys for Kernel.org, RedHat, Debian, Sendmail, SSH et cetera, in one hit.

  44. Clarification by Martin+Foster · · Score: 1

    It seems that many of you have not fully understood the meaning of this question. What I was wondering, was a site where I could get all of the keys for Corporations or Organizations that I may be able to download code from.

    Let's say a repository that contains the distribution keys of RedHat, Kernel.Org, Apache, Debian, SSH et cetera. That way you connect to one site and retrieve them, not needing to sift through all the keys on the repository (RedHat has quite a few and none matched the one on their WebPage).

    I know that there are repositories in place, and I have used them before. Heck my key is there too, but that does not deter the fact that a specialized site that is actively maintained (when a maintainer changes the key the old one gets removed) and remained secure.

    Though I must admit that only a site that most people would trust could be used. For example RedHat housing the repository on their servers, and making sure that it is not tampered with through various security means.

    Like I said, I don't like to sift through endless keys that could possibly be what I need. I would like to visit one site and get all of the distribution keys that I need.

    An analogy to this would be like going to a store that specializes in books from a specific genre, or going to Chapters (being the main repositories of today).

  45. one repository is not enough (for fools) by Dagmar+d'Surreal · · Score: 1

    You *CLEARLY* have not read the documentation.

    The "Web of Trust" that keeps getting mentioned is not just some catch phrase we're bandying about. It is the mechanism by which we avoid the problems you're talking about of knowing which is the right key. That's the whole point of people being able to sign each other's keys. Let's say you have to decide on whether or not the key you downloaded was the right one, you'd want to start by looking at the names of the other people who signed the key that the document was signed with. If you don't know for sure that those are their keys, you can trace outwards further until you reach a signature used by someone you *do* know and trust.

    It sounds a little far fetched, but if you are a relatively widely recognized figure, you should get out there and try to exchange signatures with as many other widely recognized people that you trust as you can deal with. I know it sounds irrational to try to find an associative link between yourself and various software developers, yet people play "Six Degrees of Kevin Bacon" (or whatever it's called) all the time. It's not as hard as it looks.

  46. hkp://keys.pgp.com/yourlogin@yourdomain.xxx by kachina · · Score: 1

    Yeah, but which version(s): 2.6.2foo, 5, 6, or whatever the "current" version is these days?

  47. MIT's PGP key server by pimp · · Score: 1

    MIT has a PGP key server written by Marc Horowitz that has a fairly large collection of keys. (The server seems to be under the weather right now which just goes to show the problem with single point of failure).


    It does no certification, just distribution, but you can add your key and check others quite easily.

  48. What I believe the original post was trying to say by XNormal · · Score: 1

    He wasn't saying "I'm an ignorant user who doesn't know what keyservers are"

    He wasn't saying "I don't know how cryptographic trust relationships work"

    He wasn't saying "The PGP web of trust doesn't work"

    I believe what he was trying to say was "Wouldn't it be nice if someone compiled and published a keyring with signing keys of some of the major distributions and packages?"

    That someone would need to be more or less globally known and trusted in the Open Source world and sign that keyring.

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  49. Red Hat's PGP Key? by msw · · Score: 1

    A copy of the PGP key is on every CD pressed, on the FTP site, and at http://www.redhat.com/corp/corp_contact.html

  50. hkp://keys.pgp.com by Cassius · · Score: 1

    You trust them to write the software, so you might was well trust them with the keys.

    I have to say, RTFM. This repository is mentioned in the man pages for pgp.

  51. Use RHCN! by Alexey+Nogin · · Score: 1
    If you are looking for a way to ensure the RPM is signed by the person who was supposed to sign it, go to RedHat Contrib|Net (RHCN). RHCN maintainers post their keys there when they register and you can download the public key and make sure that the package is signed by the actual maintainer. Of course, you still have to trust that maintainer, but with RHCN in addition to the usual PGP web of trust you also get additional assurance:
    1. RHCN verifies the e-mail address (as usual, by sending the password there)
    2. You can see when the person signed up. If the person was a maintainer for a long time and maintains lots of useful packages, it gives some reasons to believe that [s]he is not just some kid trying to give you a trojaned software.
  52. How clueless can you get ? by espie · · Score: 1

    This is more a comment on most of the messages
    in this ridiculous thread than the starting
    message.

    The whole point with PGP is *trust*.
    It doesn't matter where you get the keys,
    what matters is who signed them, whether they
    are reliable people, and whether you trust
    them.

    PGP is not yet another cool whistle to add your
    machine, it's either something you want, and then
    you'd better learn to use it correctly, or
    something you don't have to care about at all.

    Besides, it only protects you against some
    tampering on the way. If the basic archive
    machine gets broken somehow, the magic potion
    won't work, as the recent incident with the linux
    security server distribution amply demonstrates.

  53. Never used it by Wag+the+Dog · · Score: 1

    SSN? Driver's license #? Credit Card #? Password to a system you want to send to someone but want it protected?

    Your statement is uncredible. You may choose to not send your private data over public networks at this time, but that does not mean you don't have any data that needs that level of encryption. Put all this info in a message on /. if you really mean it (might want to include your phone number, address, dob, bank account numbers, etc)...

  54. what do you do with em? by josepha48 · · Score: 1

    I got the kernel 2.2.x and there were keys there too. I downloaded the keys, and the kernel, but what do I need the key for? What do I do with that key anyway? Do I really need to download the key? I did not need it to untar the file, or compile the kernel, what is it for then? Anyone shed some light on this for me?

    --

    Only 'flamers' flame!

  55. Key Signing by AmirS · · Score: 1

    Isn't there a problem with lots of people all randomly signing each others' keys?

    It becomes a nightmare trying to backtrace all signatures back to a key you know is trustworthy

    - Is there any software to do this? ie If you tell it who you trust/know, something that will follow all links to tell you if you can trust a particular signed key?

  56. That's done automatically-I didn't mean *Randomly* by AmirS · · Score: 1

    I hope you were being slightly sarcastic :)

    I meant there is an interlinked network of people who have signed each others' keys.

    Of course they have to verify fingerprints before signing, pref. by face to face contact, but over the phone is okay if you know that person.

    The random bit is the *network* of interlinked signatures ( - this is obvious, you cannot expect to know who on the internet knows each other beforehand).

  57. That's done automatically. by AmirS · · Score: 1

    I didn't know this - Cool

  58. How's about the Global Trust Register? by asystole · · Score: 1

    Something like this has been implemented - the clever bit is that it's a book, which has some advantages for the truly paranoid.
    URL: http://www.cl.cam.ac.uk/Research/Security/Trust-Register/

    Alex

  59. USENIX does this by gsc · · Score: 1

    www.usenix.org

    --
    Guy Cole (KQ6J) * "Expert Plain And Fancy Bit Twiddling" * gsc@acm.org
  60. BESTS by RobinHood · · Score: 1

    True, centralized institutions are efficient, but that kind of defeats the purpose. You shouldn't accept someone's key without trusting them, which means you should get it from them over a channel by which you know it was not altered. That means a digital signing scheme which pre-supposes having their key.

    Here is the way it's supposed to work -- you get someone's key personally (on a diskette, or whatever) or it is transmitted to you and signed by someone you already know or trust. Kind of a six degrees type deal. This creates a "web of trust". If I remember, in PGP, you can specify the level to which you trust a key, which means some keys can be trusted enough to authenticate other keys.

    Hmmm, maybe six-degrees should be the one managing PGP keys... What'dya think?
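The trust arithmetic that post 60 half-remembers and the "software that follows the links" that post 55 asks for, as an added example that is not code from the thread or from any PGP implementation. It takes certifications that are assumed to have already passed cryptographic verification plus the owner trust you assigned to each key, and computes which keys are valid under the classic PGP rule: one fully trusted certifier or three marginally trusted ones, each itself already valid, within a depth limit (the defaults of 1 full, 3 marginals and depth 5 follow GnuPG's classic trust model). The key names and the certification graph are constructed.

```python
"""Classic web-of-trust validity computation plus a trust-path backtrace.
Added example; not code from the thread or from any OpenPGP implementation.
"""

# Constructed graph. Each pair is (signer, signed key). Every pair is
# assumed to have already passed cryptographic verification; this code does
# only the trust arithmetic on top of that.
CERTIFICATIONS = [
    ("me", "alice"), ("me", "bob"), ("me", "carol"), ("me", "dave"),
    ("alice", "eve"), ("alice", "kernel-release"),
    ("bob", "redhat-release"), ("carol", "redhat-release"), ("dave", "redhat-release"),
    ("bob", "debian-release"), ("carol", "debian-release"),   # only two marginals
    ("eve", "sendmail-release"),                              # eve's trust is unknown
    ("mallory", "mallory-friend"),                            # mallory is not valid at all
]

# Owner trust is your own judgement of each person *as a certifier*; keys
# not listed count as "unknown". "ultimate" marks your own key.
OWNER_TRUST = {"me": "ultimate", "alice": "full",
               "bob": "marginal", "carol": "marginal", "dave": "marginal"}


def compute_validity(certifications, owner_trust, completes_needed=1,
                     marginals_needed=3, max_cert_depth=5):
    """Return ({valid key: depth}, {valid key: certifiers that made it valid}).

    A key becomes valid when `completes_needed` fully trusted valid keys or
    `marginals_needed` marginally trusted valid keys certify it. Keys are
    validated breadth-first, so depth is the length of the shortest chain
    back to an ultimately trusted key; the search stops at max_cert_depth.
    """
    signers_of = {}
    for signer, signee in certifications:
        signers_of.setdefault(signee, set()).add(signer)
    valid = {k: 0 for k, t in owner_trust.items() if t == "ultimate"}
    via = {k: [] for k in valid}
    depth = 0
    newly = dict(valid)
    while newly and depth < max_cert_depth:
        depth += 1
        newly = {}
        for key, signers in signers_of.items():
            if key in valid:
                continue
            fulls = sorted(s for s in signers if s in valid
                           and owner_trust.get(s) in ("ultimate", "full"))
            margs = sorted(s for s in signers if s in valid
                           and owner_trust.get(s) == "marginal")
            if len(fulls) >= completes_needed:
                newly[key] = fulls
            elif len(margs) >= marginals_needed:
                newly[key] = margs
        for key, certifiers in newly.items():   # commit after the round so depth is uniform
            valid[key] = depth
            via[key] = certifiers
    return valid, via


def trust_path(key, via):
    """Follow certifications from `key` back to your own key (one path; a key
    validated by several marginal certifiers has several such paths)."""
    chain = [key]
    while via.get(chain[-1]):
        chain.append(via[chain[-1]][0])
    return chain


if __name__ == "__main__":
    valid, via = compute_validity(CERTIFICATIONS, OWNER_TRUST)
    for key in sorted({s for _, s in CERTIFICATIONS} | set(OWNER_TRUST)):
        if key in valid:
            print(f"{key:18s} valid at depth {valid[key]} via {' <- '.join(trust_path(key, via))}")
        else:
            print(f"{key:18s} NOT valid")
```

Two things the run makes visible: a key certified only by valid keys whose owner trust is unknown (sendmail-release, signed by eve) stays invalid even though the chain to it is unbroken, and two marginal certifiers (debian-release) are not enough, which is exactly the "which key is right" ambiguity the thread keeps returning to.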

  61. Never used it by Stephen+Williams · · Score: 1

    I've got _no_ data that needs that level of encryption or security.

  62. you idiot by rhaig · · Score: 1

    don't recognize sarcasm when it bites you in the ass huh?

    --
    "We are not tolerant people. We prefer drastically effective solutions"
  63. BESTS by Adam+Curry · · Score: 1

    I chaired a two day conference on this very topic in Vienna last year. See the results at http://www.bests.org/
    The "independence" of the registration authority is the main point in question:

    Businesses don't trust Government to do it, Government doesn't trust businesses and the individual consumer trusts neither!

    AC

  64. Never used it by Dougie · · Score: 1

    I think you have either missed the point (even if it was badly put), either that or you are being plain argumentative.

    Tell me, do you lock your door to the house? Do you lock your car door (if you don't have one, please imagine you do)

    My point is this. Just because it is possible to get in to the house, even with the door locked, you don't leave it open, as a form of discouragement, to try and make it harder for some one to break in to your house. There is no such thing as a 100% secure system, none. But you can make that system as hard to break in to as possible.

    I think this is one thing that people should realise. It is all more of a deterrent than a 100% guarantee of protection.

    Does any one disagree?

    --
    Doug.
  65. That's done automatically. by Dougie · · Score: 1

    I think this is the problem, yours are not random verifications. You have purposely spoken to the owner of the key before signing it to make sure it is representing who it says it is.

    The other writer (I am assuming) is saying that people are signing keys without actually verifying that the key belongs to whoever.

    Don't ask me why some one may wish to do this, it is beyond me (well okay, I can think of some reasons, but no point in saying).

    --
    Doug.
  66. That's done automatically-I didn't mean *Randomly* by Dougie · · Score: 1

    Yep, semi sarcastic : )

    Oh, and I can't spell so leave me alone.

    --
    Doug.