[cryptography] key management guidelines

travis+ml-rbcryptography at subspacefield.org travis+ml-rbcryptography at subspacefield.org
Wed Sep 8 17:54:13 EDT 2010

On Fri, Sep 03, 2010 at 11:41:18AM -0700, Jon Callas wrote:
> > It's too bad there isn't a notion of identity seperate from keys.
> > I suppose email address is one, but they shouldn't have used a key
> > (which could expire) as a synonym for an identity.  That's like
> > using a phone number or name as the primary key for a customer
> > entry in a database.
> There are many reasons that identity being a key is a good
  idea. That was one of the great things about SPKI. However, in
  OpenPGP, you can have just about anything be an identifier and put
  the signatures where you want. What are you really looking for?

I suppose there are a couple of half-formed thoughts:

1) The ability to attach any email address, and indeed many email
   addresses to any key makes it rather confusing, but I see no
   way around this.

2) The UI is pretty confusing for subkeys, and signatures on multiple
   email addresses attached to the same key.  I get totally confused
   with which key ID I should use; I can't imagine a noob figuring it

3) Signatures don't make much sense with pseudonyms.  For example:
   When I ask someone to sign my key, are they attesting that I can
   receive email at "travis at subspacefield.org"?  Why would a
   passport help to answer the question of whether mail sent to
   that address reaches me?

4) Key expiration, or mere increases in computing power, make
   maintaining the web-of-certification difficult.  The best I could
   think of is the "eternal signing parent key" with encryption
   subkeys.  But maybe what I really want is an "eternal signing
   parent key", which signs multiple communication keys, so that my
   message signatures expire, but the ones made on yearly keys by my
   eternal signing key do not.

Which kind of leads to my next point:

5) As a human being, I may know that key A and key B belong to the same
   individual, but there is no way I can tell PGP this.  So if he changes
   keys due to expiration, or what have you, he's basically a completely
   new person; none of his old signatures matter, none of the attributes I
   assigned to him (e.g. trusting him to validate identity before signing)
   apply to the new key.

   This can be solved in part by assigning legal names and email
   addresses to the keys, but that poses other problems related to
   anonymity, network analysis, physical security, and so on.
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20100908/e35b45fd/attachment.asc>

More information about the cryptography mailing list