At 03:41 PM 6/13/03 -0700, Bill Frantz wrote:
>The HighFire project at Cryptorights
><> is planning on building a
>"web of trust" rooted in the NGOs who will be using the system.  Each NGO
>will have a signing key.  A NGO will sign the keys of the people working
>for it.  In this manner, we have way of saying, "The John Jones who works
>for Amnesty International".  A NGO may decide to sign another NGO's signing
>key.  Now we have a way to say to someone in Amnesty, "Send a message to
>Steve Smith in Médecins Sans Frontières."  The plan is to show the trust
>relationship in the UI as a path of keys.
>I would appreciate your comments.

Threat model: NGO_Alice is compromised and signs GESTAPO key, leading
to NGO_Bob's demise.

Possible counters: 

NGO_Alice's NGO key is a split key, so >1 person needs
be rubber hosed.  I don't know if PGP supports this, I don't think so.

Short key expirations, in the limit trusted for just 1 day.  Already
possible, just document this.


Also, how do you counter the GESTAPO from seeing queries to the 
key servers?   It might be enough to jail anyone making such an
inquiry.  Possible solutions would include having the keyserver
perform some innocuous function, and use SSL for all connections
to it.  Also SSL proxying and stego of course.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to