Re: [Sks-devel] About deleting keys

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/29/2013 11:25 PM, dirk astrath wrote:
> Hello Kristian,
> 
>>>> This is why you have key validation requirements and 
>>>> signatures/certification. The existence of a key doesn't bind
>>>>  that key to a specific individual, no matter what the UID 
>>>> says.
>>> Wrong ... the unique email-adress is the problem .. which is 
>>> usually in the UID of the key.
>> This isn't too relevant from a security perspective wrt a "fake
>> web of trust" but seems more like a response wrt privacy
>> questions. Keys have to be validated (typically involving
>> certification) before use!
> 
> Would you please explain this to the "normal" user? ;-)

This has been the standard practice since the beginning of OpenPGP.
Certificate Authorities can be used as a mitigant (acting as a trusted
third party). But indeed, it require security awareness, and to use a
quote by Schneier that should be well-known "Security is a process,
not a product".

Because security is usually considered a secondary, or even tertian
need, it increases the difficulty of educating people. We do not
generally sit down in front of our computer wanting to manage our
security. Rather we want to send emails, browse web pages, download
software, and we want security in place to protect us while we do
these things.. A Case Study by Alma Whitte and J.D. Tygar
(CMU-CS-98-155), where they call this element the unmotivated user
property discusses this. It follows up by defining the abstraction
property which states “Computer security management often involves
security policies, which are systems of abstract rules for deciding
whether to grant accesses to resources. The creation and management of
such rules is an activity that programmers take for granted, but which
may be alien and unintuitive to many members of the wider user
population.”

Combining the effect of the abstraction property and the unmotivated
user property can give scary results. The general user will not
understand the basis for the policies put forth in security
applications without education, but at the same time, the general user
is not to to be expected to be interested in learning about security.

> 
> They find the key and use it.

They shouldn't

> If they are good, they check the number of signatures and use it. 
> ... and how often do you check the way from your key to my before 
> relying to it? ;-)
> 

I wouldn't rely on it beloning to you personally without validating it
in person or through a short key path of trusted certifiers. Over
repeated use I might connect it to a pseudonym and verify that it is
consistent over time, but that is not really what we're discussing here.

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Bene diagnoscitur, bene curatur
Something that is well diagnosed can be cured well
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta255 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJScDkIAAoJEAt/i2Dj7frjU40P/0UFrwe2B19Ue80C1IwUQpWL
9bC9USkXI5By8KDGtUVHm4Y1JtSMQPPzfJWwjLYQpH0ysKgGIIpTlE4jU/HSqj2+
OnL3f5MKdjMXmLdrdXRBbCefY4iL8ofvN66aQ4Cn8WBBmCnAEXVs8yiZ2zpGi8av
10OYqZ2N29IhjEYIF7mHP9u9wB7vCi56QREmLRWu/s6OtQroheB68Yzu9T5snLzj
rmx3CiIauGuX072DtKnXx3MqiYIYXWk5fDEISumzafHxzU3I5ENHgdMrCpBh2Tke
6cgq6DHr3aRYakPD2UsjJ5yJVK72j86DrHsKWJUEDeRIe1Hybif90KMYdCTo3ZGo
gDH63jkkKQtpIRDKqqssoty1MYX2Gs5xKlPSP99WAgLjuRX7o4TgrEMQt0FV0pol
KVRrU/To4lh/O9cZFrQIs+U4XN04BeDQEd57x1EcbnLft1VS+EI/PkFZT86JAzOM
/kNN7/v2EOVjhl9fCcFryPVtf4feS2vG3l/ITXoTcGE/C1lShRYUTJaZ/Javrrpd
8ZNfKRzqhuhLyMn0Qv1Fz4AmhPmm5H7EcvML+za0mGGpu7U8IDCnCFCqRnGsKWC/
U3kmoYQvv2QcHSgPcs8RMuJI8YLhgV+0EGgTR+NQFKzaQmH9dJlUeivQqm/MDhmI
I4bVSkNnBQv5BgvwYrRd
=BIzB
-----END PGP SIGNATURE-----