[13639] in cryptography@c2.net mail archive
RE: Keyservers and Spam
daemon@ATHENA.MIT.EDU (David Honig)
Sun Jun 15 14:31:13 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 15 Jun 2003 10:02:56 -0700
To: Bill Frantz <frantz@pwpconsult.com>
From: David Honig <dahonig@cox.net>
Cc: <cryptography@metzdowd.com>
In-Reply-To: <v03110710bb1000194703@[192.168.1.5]>
At 03:41 PM 6/13/03 -0700, Bill Frantz wrote:
>
>The HighFire project at Cryptorights
><http://www.cryptorights.org/research/highfire/> is planning on building a
>"web of trust" rooted in the NGOs who will be using the system. Each NGO
>will have a signing key. A NGO will sign the keys of the people working
>for it. In this manner, we have way of saying, "The John Jones who works
>for Amnesty International". A NGO may decide to sign another NGO's signing
>key. Now we have a way to say to someone in Amnesty, "Send a message to
>Steve Smith in M=E9decins Sans Fronti=E8res." The plan is to show the=
trust
>relationship in the UI as a path of keys.
>
>I would appreciate your comments.
Threat model: NGO_Alice is compromised and signs GESTAPO key, leading
to NGO_Bob's demise.
Possible counters:=20
NGO_Alice's NGO key is a split key, so >1 person needs
be rubber hosed. I don't know if PGP supports this, I don't think so.
Short key expirations, in the limit trusted for just 1 day. Already
possible, just document this.
....
Also, how do you counter the GESTAPO from seeing queries to the=20
key servers? It might be enough to jail anyone making such an
inquiry. Possible solutions would include having the keyserver
perform some innocuous function, and use SSL for all connections
to it. Also SSL proxying and stego of course.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
