[linux-elitists] GPG luser rant

David Shaw dshaw@jabberwocky.com
Mon Apr 16 19:41:04 PDT 2001


On Fri, Apr 13, 2001 at 12:47:34PM -0700, Karsten M. Self wrote:
> on Fri, Apr 13, 2001 at 11:50:11AM -0700, Rick Moen (rick@linuxmafia.com) wrote:

> > I wish it were not the case, but there are not yet very workable
> > real-world systems for distributing, managing, and revoking keys --
> > PKI/certificate authority or web-of-trust models are both problematic
> > in those areas if you aim for both day-to-day practicality and
> > meaningful authentication.  Much as I would like to hope that these 
> > are early implementation issues that will be ironed out, the worst of
> > them appear essential to the authentication models concerned.
> 
> There is a distributed public keyserver network.  This seems to work
> reasonably well from a data distribution standpoint.  I'd be interested
> in knowing what specific problems exist with it.
> 
> Revocation seems to be the real nit.  There isn't an analog, AFAIK, in
> the PGP model to a "revokation signature".  That is, signing a key to
> say "I know this key and it is false, invalid, or revoked".

Quite a while ago, somebody proposed such a thing.  The intent, if I
recall, was to address the "oops-I-lost-my-key" problem.  If many
people (presumably acquaintances of the unhappy key owner) signed the
key with this negative signature, it would effectively revoke the key.

I don't recall why it did not progress past that, but one of the
issues raised was the extreme potential for abuse (an unpopular person
could lose all their keys, present and future, to this).

As things stand now, aside from harassment signatures which don't
really affect the web of trust except in a FUD sort of way, the worst
thing someone can do is refuse to sign a key.  I think that's a good
thing.

> Updating key to aquire new signatures is a slightly different story.
> It's possible to roll through your keyring and re-request the keys from
> public servers.  This takes some time for me, but is doable, and could
> be packaged as a scheduled system task.

gpg --recv-keys `gpg --list-keys 2>/dev/null | grep pub | awk '{print $2}' | sed -e 's/^.*\///'`

(It probably puts more load on the keyserver than is warranted for big
keyrings, but I only have a handful of keys on my local machine.)

> Actually, I suspect such security devices may become de rigur as current
> trusted systems such as credit cards and authentication cards are found
> to be wanting.  My Palm Pilot already acts somewhat as such a device, in
> that it holds my access keys to numerous systems -- in an encrypted,
> password-protected database.  While the Palm isn't the perfect
> standalone system, it's (again) a pretty reasonable proxy.
> 
> The vision that we'll all going to be carrying around a little security
> fob (or at least a significant number of us) is probably a reasonable
> approximation of a future truth.

Yes.  If you really wanted to, you could do it now -
http://www.ibutton.com/pki.html, or perhaps
http://www.agatetech.com/products_q.html

Even the business card CDR that someone mentioned a couple of days ago
is a reasonable approximation of a simple security fob.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 524 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010416/108151da/attachment.pgp 


More information about the linux-elitists mailing list