[13620] in cryptography@c2.net mail archive
RE: Keyservers and Spam
daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Jun 13 17:24:48 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 13 Jun 2003 11:47:03 -0400
To: Jill.Ramonsky@Aculab.com, cryptography@metzdowd.com
From: John Kelsey <kelsey.j@ix.netcom.com>
In-Reply-To: <8C9A566C643ED6119E8900A0C9DE297A324686@saturn.aculab.com>
At 09:19 AM 6/11/03 +0100, Jill.Ramonsky@Aculab.com wrote:
...
>I observe that "confirmation" of the fingerprint by phone is worthless
>unless the recipient is able to recognise my voice. In the case of a
>stranger, that won't be the case.
It's not quite worthless, as it raises the cost of the attack quite a
bit. It's a lot more expensive to keep someone around 24/7 ready to spoof
a key fingerprint reading on an intercepted phone call than it is to
silently put the wrong key on a key server and automatically intercept and
replace e-mails. If you can't make your system impossible to break (alas,
you usually can't), you may as well at least make it an expensive and
unpleasant target.
It would be easy enough to specify a key server that only responded to
queries on precise e-mail addresses, which would make some sense (it's
reasonable to expect that you already know my e-mail address before we
start an encrypted conversation). I think that's much easier and cleaner
than monkeying around with the certificate information (e.g., by putting
"random_user (at) random_host (dot) org" or something into your
certificates.) As you stated, that ends up undermining one of the
assumptions of certificates and the web of trust. Also, it's nice to let
e-mail software have some hope of figuring out which key in the keyring
goes with which public key.
>Jill
--John Kelsey, kelsey.j@ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
