Upload
cecil-chandler
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
key and identity management with pgp
Seth HardyTASK
28 February 07
before we begin, a question:
how many people here use pgp*?
* for ease of reference, PGP will refer to the software from PGP Inc., while pgp means any software that provides PGP-like functionality (e.g. OpenPGP).
and another question:
would you sign this key?
pub 1024D/1B629B3D 2005-12-27 Key fingerprint = 965E F829 EA6C 9174 4B46 43E1 4513 9A86 1B62 9B3Duid u1tr4 l4s3r <[email protected]>sub 2048g/1F8E2EEA 2005-12-27
what would you need to know before you did?
i. public key cryptography(the short, short intro)
public key cryptography
how do you send a message over an insecure channel?
dishonest mailman example lock store example trapdoor functions: discrete log, factoring
easy to get the public key from the private key hard to get the private key from the public key
ii. the web of trust
why a web of trust?
F4DDBFAE 4676F327
D9F57808 AF9929E4 F61D2E61 668D922A
5e345628
trust the validity of keys you’ve never seen before!
what about trusted third parties?
Trust Reseller
Client Client Client Client Client
Trust Reseller Expensive Client
Root CA
no loops in the graph means this just isn’t very interesting.
wot vs. ttp trusted third parties bear responsibility for
the PKI… …but the web of trust is free
the web of trust is more resilient against compromise (if used properly)…
…but the “pay and forget” of trusted third parties is so much simpler, less error prone, and less time consuming
example web of trust
web of validation signing a key validates the key
personal assertion of key material and identity trustworthiness
validation is a subset of trust: it’s 100% trust because you’ve verified it yourself
setting trust level is for introductions assigned trust vs. calculated trust
signed keys are validated, unsigned keys are trusted why don’t more intros make this distinction?
building a web of trust$ gpg --update-trustdbgpg: public key 7FADFC67 is 10809 seconds newer than the signaturegpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0 valid: 2 signed: 124 trust: 0-, 0q, 0n, 0m, 0f, 2uNo trust value assigned to:2048R/7FADFC67 2002-05-19"mike davis (this is a secondary email address since i nolonger control the primary)
<[email protected]>"aka "mike davis <[email protected]>"Primary key fingerprint: E2 45 53 28 AF 7E 7D 6F 43 77 E1 F3 92 AD 53 8E
Please decide how far you trust this user to correctly verify other users' keys(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say2 = I do NOT trust3 = I trust marginally4 = I trust fullys = skip this keyq = quit
Your decision?
validity vs. trust
$gpg --edit-key setientgpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.This program comes with ABSOLUTELY NO WARRANTY.This is free software, and you are welcome to redistribute itunder certain conditions. See the file COPYING for details.
pub 1024D/251772FE created: 2004-07-11 expires: never usage: CS trust: never validity: fullsub 2048g/C53F06A3 created: 2004-07-11 expires: never usage: E[ full ] (1). Ronald Cotoni (Setient) <[email protected]>
iii. managing trust
goals
verify that a key is accurate check the fingerprint
verify that key ownership is accurate check the name against photo ID send key to email address
verify the key/identity binding remember that uids are for human
convenience
key/identity binding?pub 1024D/5E345628 2002-01-24
uid Seth Hardy <[email protected]>
sig 031A630B 2005-01-28 Markus Frahm <[email protected]>
sig 3 033849C4 2004-12-31 Mendel Mobach <[email protected]>
sig 063671CE 2003-09-25 Phiz <[email protected]>
signatures are on user IDs the fingerprint must be checked
before any user id should be signed each user ID should be signed
separately
identity verification without an ID?
what if someone refuses to show ID? what if the name someone goes by
(and is on the key) does not match what is on the ID?
should people who go by pseudonyms or handles, and paranoid people in general be excluded?
I never sign a key that doesn’t have a real name on it. There’s no way to verify a handle.
verifying a handle is impossible.
who is this person?
identity verification and policy compliance
what if you don’t want to give out identity information?
what if you can’t give out identity information?
these scenarios may be unlikely, but they are entirely within the realm of possibility
not just secret agents: medical records (HIPAA/PIPEDA/PHIPA), financial records, trade secrets
A person only has one unique identity.
going by a pseudonym?
pub 1024D/3BEF5C7B 2007-02-28 Key fingerprint = 44CF 6ECA 781C 578B 6318 2A2D CAFA D04C 3BEF 5C7Buid John Doe (Work Key) <[email protected]>sub 2048g/A751D8DD 2007-02-28
pub 1024D/1B629B3D 2005-12-27 Key fingerprint = 965E F829 EA6C 9174 4B46 43E1 4513 9A86 1B62 9B3Duid u1tr4 l4s3r <[email protected]>sub 2048g/1F8E2EEA 2005-12-27
if not, maybe it’s time you start…
a serious example who is [email protected]?
they have 24 signatures they have signed 3 other keys msd of 4.6305 msd ranking 2750 only three hops from my key
$ gpg --fingerprint f8376205pub 1024R/F8376205 1997-07-01 Key fingerprint = 19 57 B6 26 AB F1 81 A4 A4 F9 4E CE F5 27 4C F5uid [email protected]
four paths, three hops
You can always trust a photo ID.
you can’t go wrong with photo ID
what’s wrong with this picture?
I never sign a key that doesn’t have a real name on it. You can always verify a real name with photo ID.
the importance of checking photo ID
do you recognize this man?
how good is ‘good’? by current ‘good’ keysigning practice, we
can NOT use: pseudonyms organizations role-based keys informal social networks
contradictions and blatantly wrong info in ‘official’ documentation
people refusing to sign keys because of information that is inaccurate
you must trust something ultimately you need to trust some link in
the system... photo IDs, other documents can be forged
do you ask for a birth certificate? (s)talk to the person’s family? social reputations may be more fault tolerant but
have no paper can you trust anything you can’t verify with
your own two eyes (e.g. photo uids)? why not trust things you know you can
trust, instead of what people say you should?
social networks 2.0 social networks are very fault tolerant how many people here are on
LinkedIn? Myspace? Facebook? web 2.0 communities where the users
provide content-- how about flickr?
fault tolerant social networking already exists, why not trust it when we trust it for so many other things?
hybrid approaches resilience of web of trust, centralized
trust from a trusted third party? CACert is a new certificate authority,
will issue SSL certificates for free (the caveat is that their root
certificate isn’t in most browsers yet) these SSL certificates can have only
information that is verified by the web of trust
iv. conclusions and observations
conclusions and observations
managing trust is hard that’s why companies can get paid to do
it for you security and usability are a trade-off
this trade-off may be necessary for policy compliance
pgp is an excellent cryptosystem it’s just too bad so many tutorials neglect
what’s most important
conclusions and observations identity management is for people
it’s hard, but we need it at some point, you have to trust some
outside source would you rather trust a piece of plastic
or a reputation? are you allowed to trust a reputation? do you want that outside source to be
(potentially) legally liable for your security?
questions?