[cryptography] key management guidelines
iang at iang.org
Fri Sep 3 23:21:15 EDT 2010
On 4/09/10 4:21 AM, travis+ml-rbcryptography at subspacefield.org wrote:
> It's too bad there isn't a notion of identity separate from keys.
The problem with all this is there is an assumption that we can
accurately model an identity in any form. In practice, we can't. In
more theoretical terms, we can't even define identity, let alone design
a single system to capture it.
What we can do is use a key (any key, like an OpenPGP key) for some
defined purpose. Like Jon says. E.g., X is the key I sign stuff with.
Or Y is the key you can encrypt to me as. And Z is the key I use for
late night naughty private stuff... Each of these is some small slice
of my identity, and that's as good as it gets.
For some reason that isn't particularly clear, PGP saw the trap of
identity and never tried to define it. So OpenPGP keys just have a
string in there that you can put anything to. There is an arrangement
for sign-key+encrypt-key ... but this is really an approximation.
But really, it is up to the people, the statements, the customs to
define all that.
In contrast, the X.509 system went out of its way to define identity as
one-key-one-person. This traces back to telco desires to somehow
capture the semantics of one-person-sends-one-email; it really is an
assumption that there is only one person, one key, one identity
(although implementations differ).
> This is kind of a vague request, and intentionally so, because
> I really don't know what kind of information is out there.
It really depends on what you want to do. Which might be simplified as
"what is your definition of identity?" But don't use that
simplification as you'll never get it right.
For example, for the payment systems I worked on, Gary H designed the
"identity" equation as "account is OpenPGP key." Everyone could have as
many accounts as they liked. So the result was that for the system, the
identity was clear because of the key; but at a higher level, there was
no direct way for the system to identify a human (just analyse
possibilities). This works very well when we are talking about money,
because the primary goal of money is the worth of the bits, and their
location/control, not necessarily the identity of the person in control.
But it would work less well in say a social networking analysis, where a
buddy list would imply some sense of human identity, or a legal context
where people are providing evidence.
OpenPGP is designed to let you do those things, all of them. But you
have to do them, define them :) It's OpenPGP's cross to bear.
PS: same question arises with expired signatures. What does that mean?
Does it mean the signature disappears like magic ink? Or does it mean
the house I sold last year can be yanked back? OpenPGP simply doesn't
say what a signature means, in a semantic sense.
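The "arrangement for sign-key+encrypt-key" the message mentions is the Key Flags signature subpacket of RFC 4880 (type 27), which is the only place an OpenPGP key states what it is for. The following is an added example, not code from the message or from any OpenPGP implementation: it parses a run of signature subpackets (including the variable-length encoding of subpacket lengths), reads the Key Flags octet, and refuses to let a key be used for a purpose it did not declare. The subpacket bytes are constructed for the example; the flag bit values and length encoding are those given in RFC 4880.

```python
# Added example: reading the OpenPGP Key Flags subpacket (RFC 4880, 5.2.3.21)
# and checking a key is used only for the purpose its owner declared.
# Not part of the original message; sample bytes below are constructed.

KEY_FLAGS_SUBPACKET = 0x1B  # subpacket type 27

# Meaning of each bit in the first octet of a Key Flags subpacket.
FLAG_NAMES = {
    0x01: "certify",
    0x02: "sign",
    0x04: "encrypt-communications",
    0x08: "encrypt-storage",
    0x10: "split-private-key",
    0x20: "authenticate",
    0x80: "shared-private-key",
}


def parse_subpackets(data: bytes):
    """Yield (type, body) for each subpacket in a hashed/unhashed area.

    Subpacket length encoding (RFC 4880, 5.2.3.1):
      1 octet   if first octet < 192
      2 octets  if 192 <= first octet < 255: ((o1 - 192) << 8) + o2 + 192
      5 octets  if first octet == 255: next four octets, big-endian
    The length counts the type octet plus the body.
    """
    i = 0
    while i < len(data):
        o1 = data[i]
        if o1 < 192:
            length, i = o1, i + 1
        elif o1 < 255:
            if i + 1 >= len(data):
                raise ValueError("truncated two-octet subpacket length")
            length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            if i + 4 >= len(data):
                raise ValueError("truncated five-octet subpacket length")
            length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
        # A length of zero has no room for the type octet; an overrun is
        # a malformed packet, not something to silently clamp.
        if length < 1 or i + length > len(data):
            raise ValueError("subpacket length overruns data")
        sp_type = data[i] & 0x7F  # high bit marks the subpacket 'critical'
        yield sp_type, data[i + 1:i + length]
        i += length


def key_flags(data: bytes) -> set:
    """Return the set of declared purposes, empty if no Key Flags present."""
    for sp_type, body in parse_subpackets(data):
        if sp_type == KEY_FLAGS_SUBPACKET and body:
            return {name for bit, name in FLAG_NAMES.items() if body[0] & bit}
    return set()


def allowed(data: bytes, purpose: str) -> bool:
    """True only if the key's own Key Flags declare this purpose."""
    return purpose in key_flags(data)


def is_well_formed(data: bytes) -> bool:
    """True if every subpacket parses without overrunning the data."""
    try:
        list(parse_subpackets(data))
        return True
    except ValueError:
        return False


# Constructed samples: one-octet length 2, type 0x1B, one flags octet.
SIGNING_KEY = bytes([0x02, 0x1B, 0x03])   # certify + sign (a primary key)
ENCRYPT_KEY = bytes([0x02, 0x1B, 0x0C])   # encrypt comms + storage (a subkey)

if __name__ == "__main__":
    print("signing key:", sorted(key_flags(SIGNING_KEY)))
    print("encrypt key:", sorted(key_flags(ENCRYPT_KEY)))
    print("sign with encrypt key allowed:", allowed(ENCRYPT_KEY, "sign"))
```

The point the check makes is the one the message makes: the flags say what a key is for, not who holds it. `allowed()` will stop an encrypt-only subkey from being accepted as a signing key, but nothing in the packet ties any of those keys to a person; that binding is left to the user ID string and to whoever certifies it.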