[cryptography] key management guidelines

Ian G iang at iang.org
Fri Sep 3 23:21:15 EDT 2010

On 4/09/10 4:21 AM, travis+ml-rbcryptography at subspacefield.org wrote:

> It's too bad there isn't a notion of identity seperate from keys.

The problem with all this is there is an assumption that we can 
accurately model an identity in any form.  In practice, we can't.  In 
more theoretical terms, we can't even define identity, let alone design 
a single system to capture it.

What we can do is use a key (any key, like an OpenPGP key) for some 
defined purpose.  Like Jon says.  E.g., X is the key I sign stuff with. 
  Or Y is the key you can encrypt to me as.  And Z is the key I use for 
late night naughty private stuff...  Each of these are some small slice 
of my identity, and that's as good as it gets.

For some reason that isn't particularly clear, PGP saw the trap of 
identity and never tried to define it.  So OpenPGP keys just have a 
string in there that you can put anything to. There is an arrangement 
for sign-key+encrypt-key ... but this is really an approximation.

But really, it is up to the people, the statements, the customs to 
define all that.

In contrast, the x.509 system went out of its way to define identity as 
one-key-one-person.  This traces back to telco desires to somehow 
capture the semantics of one-person-sends-one-email;  it really is an 
assumption that there is only one person, one key, one identity 
(although implementations differ).

> This is kind of a vague request, and intentionally so, because
> I really don't know what kind of information is out there.

It really depends on what you want to do.  Which might be simplified as 
"what is your definition of identity?"  But don't use that 
simplification as you'll never get it right.

For example, for the payment systems I worked on, Gary H designed the 
"identity" equation as "account is OpenPGP key."  Everyone could have as 
many accounts as they liked.  So the result was that for the system, the 
identity was clear because of the key;  but at a higher level, there was 
no direct for the system to identity a human (just analyse 
possibilities).  This works very well when we are talking about money, 
because the primary goal of money is the worth of the bits, and their 
location/control, not necessarily the identity of the person in control.

But it would work less well in say a social networking analysis, where a 
buddy list would imply some sense of human identity, or a legal context 
where people are providing evidence.

OpenPGP is designed to let you do those things, all of them.  But you 
have to do them, define them :)  Its OpenPGP's cross to bear.


PS: same question arises with expired signatures.  What does that mean? 
  Does it mean the signature disappears like magic ink?  Or does it mean 
the house I sold last year can be yanked back?  OpenPGP simply doesn't 
say what as signature means, in a semantic sense.

More information about the cryptography mailing list