On 17/11/2021 18:15, Robert J. Hansen wrote:
Mapping a "Real Name" to an email address is a conceptually different thing from mapping an email address to a public key.Except that should we be mapping keys to email addresses in the first place?
>
When we sign a certificate we make an assertion that this cryptographic material is controlled by this entity. I control the cryptographic material associated with certificate 0x1DCBDC01B44427C7. r...@sixdemonbag.org controls nothing -- it's just one of several places I pick up mail.
A cryptographic signature does not attest that anything belongs to you, the meatspace person - it merely attests a relationship between some cryptographic material and a particular identifier. The interpretation of the identifier is context-dependent and highly subjective.
If I want to send an email to you, I have to identify you to my MUA. If I want to encrypt it, I have to ask the MUA to associate the identifier I just gave it with a key. I either select your name from an address book (in which case the unique ID is your email address) or I type in your email address by hand. It doesn't matter how many other identifiers (emails, post boxes, passport numbers) you have - from my POV, and that of my MUA, they are irrelevant because they don't let me identify you any more precisely than I already can with just one.
The cryptographic binding is always between key material and a machine-readable identifier. This identifier may or may not be globally unique, but it should be unique in the context of the system within which it is used (e.g. my MUA). The mapping of contextual identifiers onto meatspace is a philosophical question that is beyond the reasoning capability of a computer, and the ability of natural persons to assume and discard identifiers is a feature, not a bug.
I have long considered mapping keys to email addresses to be a fundamental flaw. It obscures exactly what it is we're trying to assert: that cryptographic material is controlled by *people*.Some cryptographic material is created, used and destroyed without any human interaction whatsoever, e.g. TLS session keys. The session key is signed by the server key to state "this session key is controlled by me" (i.e. the server). The server may be controlled by an organisation, and the organisation by people (or the people by the organisation, depending on your point of view!).
The point being that there are many layers of abstraction between the cryptographic material and a natural person. Software can only make and test claims about some of those layers at best, and some of those layers may not even be meaningful to the end user, depending on the context.
-- Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users