At 3:48 PM -0700 9/1/2000, David Honig wrote:
>At 09:34 AM 8/30/00 -0700, Ed Gerck wrote:
>>
>>BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the
>>North Bay Area of SF, PGP is not uncommon in such small-group business users.
>
>How do they exchange public keys? Via email I'll bet.
>
So what if they do? A Man in the Middle attack is difficult to mount
and expensive to maintain. It is also easy to detect if the parties
ever use out-of-band means to verify keys. I would judge the risk of
a MITM attack as much lower than the risk of keys being stolen from
the lawyers' computers.
I think one reason that the web of trust has not caught on is that
there is not much need in the real world for what it offers: the
ability for strangers to trust each others' keys. The one exception
is in dealings with commercial organizations and the certificate
authorities and SSL seem to handle that very well, at least in one
direction. Individuals who already know each other have many ways of
exchanging and verifying keys without resort to the web of trust.
That said, I do think web of trust is an important concept and one
that could and should be strengthened. For example, I have managed to
sneak my key fingerprint in to my books (in the section where I
explain public key cryptography) but I think authors who wish should
be allowed and encouraged to do so in a more straightforward way,
perhaps on their book's copyright page. If only !0%, say, of
computer authors did this, it would build a large pool of people
whose keys would be very easy to verify. I'd also encourage PGP users
to post their key fingerprint in a publicly accessible place, perhaps
in a window near their front door or place of business.
Finally, I'd like to see large compilations of key fingerprints
published on the web on, say, a quarterly basis. A master fingerprint
for these files could then be widely distributed, both on the
Internet and using other means such as billboards, display boards in
university and public libraries, even blinked out in Morse code from
a window in a tall building. (I call this the billboard defense.)
An MITM attack requires building an electronic balloon around its
victim. A mere pin-prick, like the billboard defense, is all that is
needed to burst that balloon.
Arnold Reinhold
