how to handle "bad" signers?
I've started to analyze the trust relations between the keys of various keysigning parties. The data below is generalization of several keys signing parties. the setting: * more than 20 potential participants * more than 15 attendees * 1-3 keys that signed every single key of all announced participants, even those that most likely never attended the party The interesting point is that those 1-3 keys haven't got a single signature from any of the other participants. There are 4 possible reasons I can think of 1) Those keys are "roll" or "institutional" keys. 2) The key owners failed to push the received signatures back into the keyserver network. 3) The key owners pushed the received onto one of the semi/unlinked key servers. 4) The owners are bad signers and didn't take part in the ID verification step of the signature process. 1) and 3) are defiantly not the reasons in the analyzed cases. I really hope 2) is the cause, but in at least one case I am sure of 4). How should 4) be dealt with? As far as I am aware the is no negative signature or any other way to mark those keys - except for local trust settings. Thomas signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to handle "bad" signers?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas Kuehne wrote: > I've started to analyze the trust relations between the keys of various > keysigning parties. The data below is generalization of several keys > signing parties. > > the setting: > * more than 20 potential participants > * more than 15 attendees > * 1-3 keys that signed every single key of all announced participants, > even those that most likely never attended the party > > The interesting point is that those 1-3 keys haven't got a single > signature from any of the other participants. > > 4) The owners are bad signers and didn't take part in the ID > verification step of the signature process. > > > How should 4) be dealt with? > > As far as I am aware the is no negative signature or any other way to > mark those keys - except for local trust settings. > Don't sign their keys? Tell them if you do get a chance to sign their keys, "I am not going to sign your key because you do not understand the implications of the web of trust" and make them revoke their signatures on all the keys they have signed without verifying them? If you are lucky, they will be level 1 signatures, so you can exclude them. If you are unlucky, they will be nonrevokable level 3 trust signatures 10 deep. Setting ownertrust to "none" in these cases is a good idea; at least then your WOT won't be contaminated by their signatures. However, I find it unlikely that they would even enter into your WOT to start with; if that is the case, you need not even worry about what their signatures are doing. Just set ownertrust to "none" and forget about it. Use the --always-trust option when encrypting (IIRC GPG will still "warn" you but will at least let you encrypt). There is of course possibilty 5) which appears to happen most often with PGP newbies (because it's TOO easy to use, and the instructions likely don't require any understanding): the possiblity that they should have made local signatures on the keys, but didn't, and PGP automagically "refreshed" their entire keyring, spreading these signatures into the wild. For an excellent example of this, check the PGP global directory key; there are many signatures which have been revoked due to accidental non-local signing, and many keys in the keyserver network have PGP GD sigs on them, again due to "automagic" refreshing (most likely through LDAP). I realise that this has turned into a bit of a screed, but it looks like the best policy is: Don't do stuff unless you know what you are doing! Don't use software that does stuff behind your back! Use Free software! - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ2yew7MAAH8MeUlWAQgPwAf/SmSJeK+V8kdQOu77VWGwLBRHzGs2pb8R HY1GTlZiCKIqbUhAs3nz+9pTww5JlFV16N/8MQrF44VCrHDpytmPwsF+NcszfEeX 2/Iz2wQUjAqVepgmmxujqBIpcGMYPNrPk6yf+SByspOgVG6stFbBD3ZAMU41R36f GLn/Hq6+A91qV1tAD1C9giHhDxy1WzZr8rHHPf68Cah54/8ndFhJnm/5tFrsAGVR QG1og6ziaZzyexfAnCUhdxHaGkKry9UN58WGZGOKkth9Wdh/mTlduLezIR/Mff6r 4TQEWppp/LWg+mOnuik6OwsKuVHrxgZ4SUXUKtvtx3aa4oWrA4G4lw== =CZoN -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote: > David Shaw wrote: > > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > > > >>Salve! > >>Can somebody explain me what is "back signatures"? > >>Manual not very clear about this. > > > > > > It's a countermeasure against an attack against signing subkeys. > > Basically, the primary key signs all subkeys. With backsigs, the > > signing subkey also signs the primary key. > > > > Without this, an attacker can "steal" a signing subkey from someone > > else and try and pretend that a signature came from his own key. It's > > not a particularly good attack: the attacker can't issue signatures to > > prove his ownership. > > > > Will this remove the possibility of moving subkeys from one primary key > to another / converting primary keys to subkeys (documented at > http://atom.smasher.org/gpg/gpg-migrate.txt)? No, it's unrelated to that. It's a countermeasure against a (somewhat weak) attack. It has nothing to do with various bit twiddling you can do to your own key. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David Shaw wrote: > On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote: > >>David Shaw wrote: >> >>>On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: >>> >>> David Shaw wrote: >I should add that this is a new feature for 1.4.3. > Has 1.4.3 been officially released yet? >>> >>> >>>Not yet, no. >>> >> >>How "unofficial" is it? > > > It's as official as any release that hasn't happened yet: that is to > say, we're happy and thrilled if you test it out and report bugs (to > gnupg-devel), but you'll have to compile it from the SVN repository, > and it's not considered stable code. > Considering that 1.4.2 won't compile on my system, that could be a problem. - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ2y04rMAAH8MeUlWAQh/yggApuqFc1sRkU6w6+whqE7GH3EooQIrp5On 8mIt1AeafrdFsEVRFALH+cc0Nvrna+KTPcze+mVQQM6lv5MRb3v+2GXpI8kqYIWL CrpAfFUJH9UftBhw84ytcZn20gKg8Mw9Q1RZCcwj6sBtF9JIX4xAfgRvv972b7FH fakqfbQ6hzkUciZUQmMWIBiHYcDZclAqmukD6iragtpYrK13vemCFO+hDViqbAb+ HXQQ+oL1kJk8BcXvuA1a/CNH9W3OLl2M+5pl4mnYP7ZqEKjQJ+gr1mBRmwvvwS5/ 1M1trBgyTrycnL0Q0D/zoW7QJEY4AHrI4ImrChqjDm0ZgVEcENJRWw== =CpjA -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: > > > >>David Shaw wrote: > >> > >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: > >>> > >>> > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > > > >Salve! > >Can somebody explain me what is "back signatures"? > >Manual not very clear about this. > > It's a countermeasure against an attack against signing subkeys. > Basically, the primary key signs all subkeys. With backsigs, the > signing subkey also signs the primary key. > > Without this, an attacker can "steal" a signing subkey from someone > else and try and pretend that a signature came from his own key. It's > not a particularly good attack: the attacker can't issue signatures to > prove his ownership. > >>> > >>> > >>>I should add that this is a new feature for 1.4.3. > >>> > >> > >>Has 1.4.3 been officially released yet? > > > > > > Not yet, no. > > > > How "unofficial" is it? It's as official as any release that hasn't happened yet: that is to say, we're happy and thrilled if you test it out and report bugs (to gnupg-devel), but you'll have to compile it from the SVN repository, and it's not considered stable code. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote: > > It's as official as any release that hasn't happened yet: that is to > > say, we're happy and thrilled if you test it out and report bugs (to > > gnupg-devel), but you'll have to compile it from the SVN repository, > > and it's not considered stable code. > > > > Considering that 1.4.2 won't compile on my system, that could be a problem. So... report the bug? We're not terribly good mind readers here. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to handle "bad" signers?
On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > 4) The owners are bad signers and didn't take part in the ID > verification step of the signature process. > > > 1) and 3) are defiantly not the reasons in the analyzed cases. > > I really hope 2) is the cause, but in at least one case I am sure of 4). I'm sure it's 4, especially in the case when the person in question never attended the party. Some people just sign all the keys and call it a day. > How should 4) be dealt with? > > As far as I am aware the is no negative signature or any other way to > mark those keys - except for local trust settings. That is correct. It really has to be this way, for good and for bad. Trust is inherently subjective - even the 1-2-3 trust levels are just guidelines and there is no way to enforce them beyond asking people nicely not to abuse the system. Of course, it would be possible to propose a different trust model that takes into account such things (a reputation system), but that would be a reasonably different beast than the current system. Not impossible, but it would take some working out of details. OpenPGP currently has no way to make a "negative" signature. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to handle "bad" signers?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David Shaw wrote: > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > >>How should 4) be dealt with? >> >>As far as I am aware the is no negative signature or any other way to >>mark those keys - except for local trust settings. > > > That is correct. It really has to be this way, for good and for bad. > Trust is inherently subjective - even the 1-2-3 trust levels are just > guidelines and there is no way to enforce them beyond asking people > nicely not to abuse the system. > > Of course, it would be possible to propose a different trust model > that takes into account such things (a reputation system), but that > would be a reasonably different beast than the current system. Not > impossible, but it would take some working out of details. OpenPGP > currently has no way to make a "negative" signature. > If it did, there would be a corresponding "Web of Antitrust". - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ2zEJ7MAAH8MeUlWAQhmzQgAooOGpX2p31Bgoc8F4egWzFgHCS2pWO+z Bsl8YgnGdjzT7Q0GVOsP55LjPPKRSBh1+yIDrWYIqWyuLp1a74ZQTw5u8NDDtPj9 NhHSwa6kB+sQksaT3U5I4AZL7uygh79CI7AtGj/TOafoal+IKYXzVmA/DPGCVMkJ ovhv1NzfXnyRR6UGmviBrket9gaWNOST65o75NrCQww2UelH31xNPweLXclRxWkf aLs8wuNzO375MrtQkRtIFv0CDSysd4HMgByXC/p1QZdiv6o0rqKOq0heCTSPIr1Q qMqfQY9y4aWHiifHvJeYllo04V8/b7yULSj6U8h2TUpjf9gZqmNuUQ== =pM1Y -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David Shaw wrote: > On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote: > > >>>It's as official as any release that hasn't happened yet: that is to >>>say, we're happy and thrilled if you test it out and report bugs (to >>>gnupg-devel), but you'll have to compile it from the SVN repository, >>>and it's not considered stable code. >>> >> >>Considering that 1.4.2 won't compile on my system, that could be a problem. > > > So... report the bug? We're not terribly good mind readers here. > Nah, it's my system. MSYS is "not a runtime" according to all sane documentation. - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ2zGrbMAAH8MeUlWAQj7TggAsKkG5TNPuQWMuPerEf+CE9j7w/RmRBMY MxCc3V5Kh0+HHcZT7yhP2ZmVwyFOEDH3qO2YKL1ouMEkm+KMHB3pQArb0Wjjlnkn b574a5P/jzcvz/Fp75VurOPnrz/i3o2DzhKXURxSMQFVrsYrfL2TIb98KBUVGs+0 rbzvNjCZQ3cqVtu2moYRJnou7w5PVZUdWTH16NmuKSjVIt4mMnH+vG2yDud2lxkV f31vlzD2K+Fgal8wkzVTNCtBQoZUEC2fB+7iXbwcTSwj6xjGReCih22lvyiB5qFU lYzjYx2YCCCDbMoMYgMqVcBQy13N6PlJgYGad7RD2nwlYHQLKYLbBQ== =efte -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: back signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David Shaw wrote: > It's as official as any release that hasn't happened yet: that is to > say, we're happy and thrilled if you test it out and report bugs (to > gnupg-devel), but you'll have to compile it from the SVN repository, > and it's not considered stable code. "Unstable" though it may be, but I've encountered no problems: Yet. JOHN :) Timestamp: Saturday 05 Nov 2005, 11:51 AM --500 (Eastern Standard Time) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3-cvs (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEcBAEBCAAGBQJDbOMdAAoJEBCGy9eAtCsPEBAH/1BtRSVQ+i+iZvBo+KbPt/+T Ta9od0JnIdaoohHpysN9XKKVqgwfkDv7CIm+zbslGEeQKhZXC7WIyIqcgGwqqnV+ NYb0zZqXQHhHeOwZovg32sC2ZNEnF4syXI4Fm9nfBKchEzoGmR9gKvEGK89QSIET Obhnolyj5NbtEiNy8avx7S2H3RWZNE0qILCMMK57lJLYy88gypmYlSVlj0bpvX4L t3R+yEJGKuX/bdbIgOFHIhARG4rriLqHACr8lrqgr9d6iWLZHlxbbYHUeftmerG1 Qd7eNcbHdZwfB+YpmDXuXabXl1NY4qW2fLnmlFe2j/wtsxzx735LSwhJ/QkiTqo= =OSzz -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
CVS or SVN [Was: back signatures]
G'day David, * David Shaw <[EMAIL PROTECTED]> [051105 07:45]: > > It's as official as any release that hasn't happened yet: that is to > say, we're happy and thrilled if you test it out and report bugs (to > gnupg-devel), but you'll have to compile it from the SVN repository, > and it's not considered stable code. Can someone then please update the information on the web pages to be relevant to SVN as opposed to CVS (I'm assuming that you're not running both concurrently). Cheers, S. pgpFim8aO41TV.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Expiring UID
--- David Shaw wrote: > On Fri, Nov 04, 2005 at 04:59:01PM +, Nicholas > Cole wrote: > > Am I right that there is no easy way to create an > > expiring UIUIDas opposed to an expiring key). > > > > --ask-cert-expire seems to be ignored when using > > adadduidn the edit menu. > > > > Is there a good reason for this? > > Honestly, no good reason. There are a few iffy > reasons in nobody ever > asked for this feature before, and that it would be > of doubtful > compatibility outside of GnGnuPG It's not that I see a desperate need for the feature, it just seemed an interesting omission, and I wondered what the reason was. I'm surprised that compatibility is a problem - I assumed it would be done by having the self-signature on a UIUIDe created with an expiration date, which surely all OpOpenPGPrograms would notice. The situation I thought it would be useful for is if a UIUIDs associated with a job/position that will only last a fixed period of time - especially if access to the account might change after that point. Including it would probably require numerous changes, such as asking a 3rd-party signer if a signature should expire at the same time as the self-sisig.. As I say, probably little/no need. Just an interesting quirk. Cheers, N. ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to handle "bad" signers?
On Sun, Nov 06, 2005 at 01:09:36AM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > > > > > >>How should 4) be dealt with? > >> > >>As far as I am aware the is no negative signature or any other way to > >>mark those keys - except for local trust settings. > > > > > > That is correct. It really has to be this way, for good and for bad. > > Trust is inherently subjective - even the 1-2-3 trust levels are just > > guidelines and there is no way to enforce them beyond asking people > > nicely not to abuse the system. > > > > Of course, it would be possible to propose a different trust model > > that takes into account such things (a reputation system), but that > > would be a reasonably different beast than the current system. Not > > impossible, but it would take some working out of details. OpenPGP > > currently has no way to make a "negative" signature. > > > > If it did, there would be a corresponding "Web of Antitrust". Yes, more or less. You could allow people who you trust to lower the validity of other user IDs. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECC
* Jean-David Beyer <[EMAIL PROTECTED]> wrote: > > I put the speculations aside and stick with the fact that the NSA > > recommends ECC for government use. That's enough for _me_. > > > I guess it depends on how your paranoia works, and about whom you > choose to be paranoid. Does the NSA recommend ECC for government > use so that another government agency (e.g., the NSA) can read, if > necessary or desired by the parties that control that government > agency? If so, I would assume they know how to crack ECC. In that > case I would not want to use ECC. As I said, I put the speculations aside. I see no point diving into the matter like that. Consistently, and quite sadly, this reminds me of 9/11. When I refused to accept the official story of Osama and his 19 bandits (still do; f.e. their ridiculous story of burning jet fuel being able to bring down the towers; quite a laugh), I was called a conspiracy theorist; just for saying "I'm not buying the official story.", period. I did not offer alternatives;I was just saying, plain & simple, that it can't be THAT way because of numerous facts. See, I don't go any further than the NSA's recommendation here; in this case this is enough for me, I most certainly do not want to draw an analogy between PKC & 9/11 because that would take much much more than some limpering analogy at best, eh ;-). I don't care about other views on the matter (NSA & PKC); I don't ask acceptance, only mere tolerance. Curiousity is a good thing, but there are times when too much of it will spoil things big time. I find it astonishing that people can't accept facts as such, and what people make of them (eye, beholder, bells, ringing, ...) _without_ putting speculations aside; no offense intended. I could go on ranting... and if one could build a whole new _lasting_ world on speculations I'd be among the first to join. > Or do they know how to crack everything else and have not yet > cracked ECC? In that case, I would want to use ECC. Well... If one asks them, they most certainly won't give a satisfying answer I fear ;-) Or, more precisely, it would take ages. When you take a look at cryptome.org and some requests regarding the freedom of information act, it is quite sad to note that it takes a federal angency so much time to response to simple requests made by a country's citizen. > Paranoia is a wonderful thing, but it can trap you in dilemmas like > this. Not me. ;) I use to say "I'm not paranoid, but the people who hunt me think I am." -- left blank, right bald pgpprZSZskOtB.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: CVS or SVN [Was: back signatures]
Stewart V. Wright wrote: > Can someone then please update the information on the web pages to be > relevant to SVN as opposed to CVS (I'm assuming that you're not > running both concurrently). The cvs servers are still operational, just no longer updated. README.WARNING-REPOSITORY-NOT-CURRENT says: > Hi! > > we switched over from CVS to Subversion. Thus this archive is not anymore > active. See: > http://lists.gnupg.org/pipermail/gnupg-devel/2005-July/02.html I'll second the request. -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
