At 09:19 AM 6/11/03 +0100, [EMAIL PROTECTED] wrote:
I observe that "confirmation" of the fingerprint by phone is worthless
unless the recipient is able to recognise my voice. In the case of a
stranger, that won't be the case.

It's not quite worthless, as it raises the cost of the attack quite a bit. It's a lot more expensive to keep someone around 24/7 ready to spoof a key fingerprint reading on an intercepted phone call than it is to silently put the wrong key on a key server and automatically intercept and replace e-mails. If you can't make your system impossible to break (alas, you usually can't), you may as well at least make it an expensive and unpleasant target.

It would be easy enough to specify a key server that only responded to queries on precise e-mail addresses, which would make some sense (it's reasonable to expect that you already know my e-mail address before we start an encrypted conversation). I think that's much easier and cleaner than monkeying around with the certificate information (e.g., by putting "random_user (at) random_host (dot) org" or something into your certificates.) As you stated, that ends up undermining one of the assumptions of certificates and the web of trust. Also, it's nice to let e-mail software have some hope of figuring out which key in the keyring goes with which public key.


--John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to