Free software discussion group this Thursday 15 August
Hi everyone, The time of our next monthly meet-up is approaching. Take a look at what we've got lined up: * Ben McGinnes of Pirate Party Australia Ben will be discussing the Pirate Party's take on copyright, patents and privacy. This had to be postponed by a month due to a last minute emergency, but it will be on this Thursday to be sure! * Intro to GnuPG, followed by keysigning The revelations of the PRISM program have made everyone rethink what they are exposing online, and GnuPG is perhaps one of the best tools to help protect yourself. We will walk you though the basics of how it works, and how to get started. Additionally, we will be holding Free Software Melbourne's first ever official keysigning event, helping you put that GPG knowledge to immediate use! If this interests you, don't forget to bring along sufficient proof of ID. Ideally 2 forms of government issued photo ID should be used. If you are already a GnuPG user and are interested in participating in the keysigning, it would be helpful if you could print out up to 20 small strips of paper with the output of the following command on each: gpg --fingerprint KeyID Also note on the strip if you want your signed key returned to you or published directly to a public keyserver. More details on all of this is here: http://keysigning.org/methods/adhoc * Followed by dinner at a nearby restaurant We haven't decided on a place for dinner yet, but we're always open to suggestions. Don't forget to mark the event on your calendar - Date: Thursday 15 August Time: 6-9pm Location: VPAC Head Office Training Room Level 1, Building 91, 110 Victoria Street A map is on the website: http://www.freesoftware.asn.au/melb/ Hope to see you there! Cheers, Adam
Adam Bolte <abolte@systemsaviour.com> writes:
Also note on the strip if you want your signed key returned to you or published directly to a public keyserver.
For the benefit of all participants, I strongly recommend all signed public keys get sent back to the public keyserver network. Remember, we're signing your key not only for your benefit, but also for ours: we want our public keys to be associated in the Web of Trust. So I think it's impolite to make use of a keysigning party, then decline to put one's public key in the public keyserver network. What good reasons are there to abstain? -- \ “A thorough reading and understanding of the Bible is the | `\ surest path to atheism.” —Donald Morgan | _o__) | Ben Finney
On 12/08/13 10:08, Ben Finney wrote:
So I think it's impolite to make use of a keysigning party, then decline to put one's public key in the public keyserver network. What good reasons are there to abstain?
I have come across one person who prefers to upload the signatures to the public keyserver themselves, because they are particular about sanitizing the signature set (such as rejecting ones that rely on SHA1 instead of SHA512). I guess there are small privacy advantages, by not making your network associations publicly visible, although that would mean the person did not sign anyone else's key either, which really does seem to lack community spirit! To me, the advantages of having my signed key available through a number of channels outweighs the minor loss of privacy, and I agree it makes good sense to upload them. Glenn -- sks-keyservers.net 0x6d656d65
On 12 August 2013 11:13, Glenn McIntosh <neonsignal@memepress.org> wrote:
I have come across one person who prefers to upload the signatures to the public keyserver themselves, because they are particular about sanitizing the signature set (such as rejecting ones that rely on SHA1 instead of SHA512).
Note you really have to send to key to the person, using the email address on the key you signed, and then get them to publish the key. Otherwise, how can you be sure that the email address you just signed is correct? -- Brian May <brian@microcomaustralia.com.au>
On 12/08/13 11:24, Brian May wrote:
Note you really have to send to key to the person, using the email address on the key you signed, and then get them to publish the key.
Otherwise, how can you be sure that the email address you just signed is correct?
Yes, indeed. -- sks-keyservers.net 0x6d656d65
Brian May <brian@microcomaustralia.com.au> writes:
Otherwise, how can you be sure that the email address you just signed is correct?
You don't need to know that it's correct. The purpose of your signature is not to say “this is a correct email address”, since that can change at any point in the future. Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”. You're recording a historical fact, true for a point in time, not guaranteeing that any particular thing will work in future. -- \ “Beware of bugs in the above code; I have only proved it | `\ correct, not tried it.” —Donald Knuth, 1977-03-29 | _o__) | Ben Finney
On 12/08/13 15:49, Ben Finney wrote:
Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.
You're recording a historical fact, true for a point in time, not guaranteeing that any particular thing will work in future.
Yes, agreed. The signature binds information to a PGP key at a point in time. Glenn -- sks-keyservers.net 0x6d656d65
Glenn McIntosh <neonsignal@memepress.org> writes:
On 12/08/13 15:49, Ben Finney wrote:
Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.
Yes, that's what your signature means. But “this email address is connected with this person” is satisfied by “this person told me this email address identifies them”. If you're expecting a signature to mean “I have verified this email address delivers mail to this person”, you're going to be disappointed since that's not what it's meant to imply :-) -- \ “Odious ideas are not entitled to hide from criticism behind | `\ the human shield of their believers' feelings.” —Richard | _o__) Stallman | Ben Finney
On Mon, Aug 12, 2013 at 05:04:50PM +1000, Glenn McIntosh wrote:
On 12/08/13 15:49, Ben Finney wrote:
Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.
This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits. On one hand, when in doubt I'd like to err on the safe side. On the other hand, my key currently has two e-mail uids and I believe some people have quite a few, so signing uids individually, encrypting them and sending them out to each address could get tedious very quickly. It seems PIUS ( http://www.phildev.net/pius/ ) might be an easy way to solve just this problem, so I might give it a try.
On 12 August 2013 18:16, Adam Bolte <abolte@systemsaviour.com> wrote:
This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.
Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does. So I could get people to sign my key as: Brian May <brian@brianmay.com> It matches my passport. It looks right. It must be ok, right? The fact this email address may not be valid doesn't matter (and is probably better that way). I now can impersonate Brian May[2], and ensure he gets blamed for all my evil doings. Just as he could have a certificate signed with my email address, and pretend to be me. Sure, he won't get the emails, but can still do a lot of damage. [1] Almost always anyway. Sometimes email addresses can be reassigned however (IIRC Yahoo or somebody was doing this). [2] hint: http://www.brianmay.com/ - it isn't me! -- Brian May <brian@microcomaustralia.com.au>
On Tue, Aug 13, 2013 at 10:24:22AM +1000, Brian May wrote:
On 12 August 2013 18:16, Adam Bolte <abolte@systemsaviour.com> wrote:
This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.
Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does.
And not only that. If caff is used, the gpg signauture will be sent encrypted and the owner of the email address has to have the secret key to open the encrypted signature.
On 13 August 2013 10:39, Aníbal Monsalve Salazar <anibal@debian.org> wrote:
And not only that. If caff is used, the gpg signauture will be sent encrypted and the owner of the email address has to have the secret key to open the encrypted signature.
Good point. For that matter, would anyone here object to signing the following key for me? If so, why? If not, why not? Brian Mays <brian@debian.org> Do a Google search, if lucky you may find that I use to be responsible for PCMCIA in Debian, but run out of time, so now other people have taken over. Yes, I am definitely a Debian developer too. That email address is a valid email address too (Google can prove this). Most people signing wouldn't bother checking details like this with Google. -- Brian May <brian@microcomaustralia.com.au>
On Tue, Aug 13, 2013 at 11:01:02AM +1000, Brian May wrote:
For that matter, would anyone here object to signing the following key for me? If so, why? If not, why not?
Brian Mays <brian@debian.org>
http://web.archive.org/web/20070406152603/http://blog.madduck.net/geek/2006.... During one of Debian's KSP (Oaxtepec, Mexico) a DD printed and used his own ID issued by the Transnational Republic. I and a few folks noticed it. See webpage above. It caused a huge mail thread. See it at the web address below. http://lists.debian.org/debian-devel/2006/05/msg01615.html
Do a Google search, if lucky you may find that I use to be responsible for PCMCIA in Debian, but run out of time, so now other people have taken over. Yes, I am definitely a Debian developer too. That email address is a valid email address too (Google can prove this).
Most people signing wouldn't bother checking details like this with Google.
To avoid the problem of Brian May (May != Mays) submitting Brian Mays' public key for a KSP, we request the public key signed with the same key. See the instructions for the annual Debian KSP at the webpage below. http://people.debian.org/~anibal/ksp-dc13/ksp-dc13.html It allows to check who use SHA2 in preference to SHA1 for signatures. In Debian we have been moving away from 1K DSA keys as the primary keys with SHA1 as the preferred hash to 4K (at least 2K) RSA keys with strong SHA2 signatures. BTW, to use SHA2 in preference to SHA1 add at the end of ~/.gnupg/gpg.conf: personal-digest-preferences SHA256 cert-digest-algo SHA256 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed If you use caff [1] for signing keys you will also need to add these lines to ~/.caff/gnupghome/gpg.conf as well, otherwise your signatures will be SHA1. [1] http://pgp-tools.alioth.debian.org/
On Tue, Aug 13, 2013 at 10:24 AM, Brian May <brian@microcomaustralia.com.au>wrote:
On 12 August 2013 18:16, Adam Bolte <abolte@systemsaviour.com> wrote:
This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.
Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does.
[etc] I'm lost, maybe somebody can enlighten me. The "Web of trust" entry in wikipedia says: "a *web of trust* is a concept used in PGP<https://en.wikipedia.org/wiki/Pretty_Good_Privacy>, GnuPG <https://en.wikipedia.org/wiki/GNU_Privacy_Guard>, and other OpenPGP<https://en.wikipedia.org/wiki/OpenPGP>-compatible systems to establish the authenticity of the binding between a public key and *its owner*" Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner? E.g. assume that someone is involved in a OSS project under a pseudonym and very few contributors inside the project actually know the person under that pseudonym (even more, say none outside the project know the actual person). Now, that person would like to have that* pseudonym* trusted by all the project members and outside the project's contributors circle, but *without disclosing to real person identity*. Let's assume the presence at the "signing party" of one "trusted member of the web of trust" that can vouch for the one the "known by pseudonym only" participant. How does it work? Can the public key for the pseudonymous participant be "certified as trusted" at that signing party? (rephrasing the question: is a signing party a method good enough to establish a trust relationship in a "pseudonymous persona"? If not, why?) Adrian
On 13 August 2013 15:38, Adrian Colomitchi <acolomitchi@gmail.com> wrote:
Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner?
I have the same problem. I don't think the govt/authority emitted ID means anything really. Different people can share the same name, so it doesn't uniquely identify the person. Furthermore I think I can change my legal name and have it be the same as some other person. The good thing about email addresses is generally they are not shared and they are not reused. So it becomes a good way of identifying people. e.g. this is what git uses to identify authors. Of course, this isn't perfect. "Not reused" is not guaranteed. I use to make work related git commits using my work email address, however if I left my current job they are free to reuse my email address (they say they won't and it is unlikely to be an actual issue). So all my git commits would now belong to somebody else. I can't change these either, without rewriting the entire git history for these projects. So now I use my personal email address which I know will last. Both names and email addresses can change. Which is a problem, however this doesn't necessarily invalidate the old id. -- Brian May <brian@microcomaustralia.com.au>
You seem to suggest that an email address is as best an ID as there could be. My question: why is there a need for any other ID that's different from the public key? I.e.: the "sufficient certification" should actually be "We, the signers of this public key, certifies this public key belongs to a person we trust"? (and, of course, refuse to sign a key for any person they don't actually trust, no matter the govt issued ID-es or anything else). Why would one need to ask something in addition (impose extra requirements that don't add much to the "trust relationship"?) Maybe I'm wrong, but starting from a certified public key (and the dual ownership of the private one), the owner can use it to "self-sign" any other pairs for the email addresses of the various personas (or servers that she sets up, or public keys owned by other person that she trusts). Is it not so? Adrian On Tue, Aug 13, 2013 at 3:56 PM, Brian May <brian@microcomaustralia.com.au>wrote:
On 13 August 2013 15:38, Adrian Colomitchi <acolomitchi@gmail.com> wrote:
Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner?
I have the same problem. I don't think the govt/authority emitted ID means anything really. Different people can share the same name, so it doesn't uniquely identify the person. Furthermore I think I can change my legal name and have it be the same as some other person.
The good thing about email addresses is generally they are not shared and they are not reused. So it becomes a good way of identifying people.
e.g. this is what git uses to identify authors.
Of course, this isn't perfect. "Not reused" is not guaranteed. I use to make work related git commits using my work email address, however if I left my current job they are free to reuse my email address (they say they won't and it is unlikely to be an actual issue). So all my git commits would now belong to somebody else. I can't change these either, without rewriting the entire git history for these projects. So now I use my personal email address which I know will last.
Both names and email addresses can change. Which is a problem, however this doesn't necessarily invalidate the old id. -- Brian May <brian@microcomaustralia.com.au> _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au
http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-m...
Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
Adrian Colomitchi <acolomitchi@gmail.com> writes:
My question: why is there a need for any other ID that's different from the public key?
The entire purpose of a keysigning party is to gather *independent verification* that the key ID is correctly associated with that person. This is why we ask for identifiers that are independent of the web of trust, and why we require the person to assert in our presence that the key is theirs, and why we prefer identifiers that tend to be easily verified and issued by well-known bodies to individual persons by a verifiable process. It is also why no-one needs to sign any key in the presence of anyone else. It's entirely up to the signer whether they are satisfied with the key-holder's identity, and they can wait until after the party to sign or not.
I.e.: the "sufficient certification" should actually be "We, the signers of this public key, certifies this public key belongs to a person we trust"?
A keysigning party is designed to make it easier for people who may not have sufficient people in close proximity who trust merely their word, to meet many people at the same time and make worthwhile their efforts to present verification of identity.
(and, of course, refuse to sign a key for any person they don't actually trust, no matter the govt issued ID-es or anything else).
You don't have to trust a person in order to sign their key. You are not asserting trust; that's entirely your business, and you never need to disclose it. Rather, your signature on a key says *only* that you have verified the person's identity and the person tells you this key is controlled by them.
Why would one need to ask something in addition (impose extra requirements that don't add much to the "trust relationship"?)
Key signatures are about asserting identity, not about trust. Trust depends on reliable identity, but is not the same thing. GnuPG maintains an entirely separate database for trust (specifically, your level of trust that the key-holder can competently manage their key and signatures) – and it is entirely private to you. -- \ “It's dangerous to be right when the government is wrong.” | `\ —Francois Marie Arouet Voltaire | _o__) | Ben Finney
Ah, I get it now. Key signing is one way of certifying identity. Identity *may* be a contributing factor in trust, but establishing a "Web of trust" is not the primary objective of the key signing parties. Thanks, Adrian On Tue, Aug 13, 2013 at 4:56 PM, Ben Finney < ben+freesoftware@benfinney.id.au> wrote:
Adrian Colomitchi <acolomitchi@gmail.com> writes:
My question: why is there a need for any other ID that's different from the public key?
The entire purpose of a keysigning party is to gather *independent verification* that the key ID is correctly associated with that person.
This is why we ask for identifiers that are independent of the web of trust, and why we require the person to assert in our presence that the key is theirs, and why we prefer identifiers that tend to be easily verified and issued by well-known bodies to individual persons by a verifiable process.
It is also why no-one needs to sign any key in the presence of anyone else. It's entirely up to the signer whether they are satisfied with the key-holder's identity, and they can wait until after the party to sign or not.
I.e.: the "sufficient certification" should actually be "We, the signers of this public key, certifies this public key belongs to a person we trust"?
A keysigning party is designed to make it easier for people who may not have sufficient people in close proximity who trust merely their word, to meet many people at the same time and make worthwhile their efforts to present verification of identity.
(and, of course, refuse to sign a key for any person they don't actually trust, no matter the govt issued ID-es or anything else).
You don't have to trust a person in order to sign their key. You are not asserting trust; that's entirely your business, and you never need to disclose it.
Rather, your signature on a key says *only* that you have verified the person's identity and the person tells you this key is controlled by them.
Why would one need to ask something in addition (impose extra requirements that don't add much to the "trust relationship"?)
Key signatures are about asserting identity, not about trust. Trust depends on reliable identity, but is not the same thing.
GnuPG maintains an entirely separate database for trust (specifically, your level of trust that the key-holder can competently manage their key and signatures) – and it is entirely private to you.
-- \ “It's dangerous to be right when the government is wrong.” | `\ —Francois Marie Arouet Voltaire | _o__) | Ben Finney
_______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au
http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-m...
Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
BTW - I just re-read the "Web of trust" part of "Little brother"<http://craphound.com/littlebrother/download/>(takes < 10 mins): still by key-signing, still a "party", other goals (establishing transitive trust, not identity). Adrian On Tue, Aug 13, 2013 at 5:03 PM, Adrian Colomitchi <acolomitchi@gmail.com>wrote:
Ah, I get it now.
Key signing is one way of certifying identity. Identity *may* be a contributing factor in trust, but establishing a "Web of trust" is not the primary objective of the key signing parties.
Thanks,
Adrian
Thanks for all the clarifications you've made, Ben. Its added a little clarity. About identification being hard, do many people embed photographs, or scans of their identity documents, within their pubkey, ie as discussed here? http://superuser.com/questions/336894/how-can-i-add-my-picture-to-my-public-... It seems like being a good way to prove to people who have met you that your public key identifies you.
Adrian Colomitchi <acolomitchi@gmail.com> writes:
Now, my question: what an email address has to do with the identity of the owner?
An email address is always globally unique. A common name (e.g. “Ben Finney”) is often not globally unique. Therefore, to identify an individual person, an email address is better than only a name. Better still is their name and an email address for them.
By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner?
Identity is a problem without a simple solution. A big part of human brains is, quite literally, designed to deal with the problem. Gathering easily-verifiable low-collision evidence of a person's unique identity – e.g. email address, government-issued identifiers, photos, etc. – makes the problem easier to deal with. But if you're implying there is no perfect solution to the problem of identifying people? Of course, there isn't. Yet we still need to deal with the problem.
E.g. assume that
Let's keep it to real examples. Hypothetical examples that are difficult to deal with are endless, but they don't defeat the purpose of identifying people to the best of our ability. In other words: Don't let the perfect be the enemy of the good. -- \ “You can't have everything; where would you put it?” —Steven | `\ Wright | _o__) | Ben Finney
participants (7)
-
Adam Bolte -
Adrian Colomitchi -
Andrew Spiers -
Aníbal Monsalve Salazar -
Ben Finney -
Brian May -
Glenn McIntosh