Re: Keysigning challenge policies/procedures

[Michael Kallas]

Hi,

Alphax schrieb:
 Suppose you send an email to Address W and encrypt an authentication
 token to Key X. You recieve a reply from Address Y, containing the
 authentication token, which has been signed with Key Z.
 
 This tells you that /someone/ with access to W has recieved a message;
 /someone/ with access to X has decrypted it; /someone/ with access to Z
 has signed a reply; and /someone/ with access to Y has sent a reply.
 
 Keys X and Z may or may not be the same key or subkeys of the same
 primary key, addresses W and Y may or may not be the same, and Y may or
 may not have been faked (which is trivial).
Couldn't I check this by looking at the public keys they published at
key servers?

Best wishes
Michael

-- 
Nobody can save your freedom but YOU -
become a fellow of the FSF Europe! http://www.fsfe.org/en


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Keysigning challenge policies/procedures

[Ingo Klöcker]

On Sunday 09 July 2006 06:27, Alphax wrote:
 Michael Kallas wrote:
  David Shaw schrieb:
  I've been away on vacation and only picked up this thread now. 
  This statement is not correct.  Back in the PGP 2.x days, this
  might have been true, but with OpenPGP, there is no particular
  requirement that the ability to sign and the ability to decrypt
  are connected.  You can have a shared key with separate
  capabilities.
 
  Sending an signed key via encrypted mail does not ensure anything
  about the key owner.
 
  Why not?
  Sorry, this conclusion was too fast for me, could you please
  explain a little bit?

The key (i.e. the primary key) could belong to a group, but only one 
person of the group might be the key owner (i.e.  have full access to 
the key) or even no member of the group might be the key owner, but 
only a superior entity like the company's CA. Moreover, each member of 
the group could have a separate encryption subkey.

This example should explain why sending a signed key via encrypted mail 
doesn't ensure anything about the key owner.

Of course, with respect to keys belonging to real persons rather than to 
entities/companies/etc. this example is probably not that convincing.

 Suppose you send an email to Address W and encrypt an authentication
 token to Key X. You recieve a reply from Address Y, containing the
 authentication token, which has been signed with Key Z.

 This tells you that /someone/ with access to W has recieved a
 message; /someone/ with access to X has decrypted it; /someone/ with
 access to Z has signed a reply; and /someone/ with access to Y has
 sent a reply.

Except for the Y part this is correct. But the contents of the From 
address, i.e. Y, means absolutely nothing.

 Keys X and Z may or may not be the same key or subkeys of the same
 primary key, addresses W and Y may or may not be the same, and Y may
 or may not have been faked (which is trivial).

Exactly. And therefore you shouldn't have written above and /someone/ 
with access to Y has sent a reply because anyone could have sent the 
reply.

Regards,
Ingo


pgpTRUWqt0F0R.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users