[Enigmail] and for my first mistake...
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jun 30 11:07:39 PDT 2008
Faramir wrote:
> There is no problem using RSA keys, however, 4096 may be a bit too
> much... most people seem to think 2048 is good enough (in fact, some
> think 1024 is good enough). But it is your decision, these are
> standard keys, so all of them are valid (as far as I know).
IMO, the only purpose for keys larger than 2kbit is to appease the
tinfoil-hatters.
Breaking 2kbit keys will require -- will absolutely _require_ -- one of
these to be true:
* Computers are built of something other than matter
* Computers run on something other than energy
* Computers operate in something other than time
* Mathematics receives a quantum leap of a kind we can't imagine
Anyone who says "I use 4kbit keys because 2kbit just isn't secure enough
for me" is actually saying "while I believe 2kbit keys will soon fall to
these science-fiction attacks, I believe 4kbit keys will do just fine."
As for me, I'm a man of science. When you start assuming
science-fiction attacks against my keys, I shrug and say "I dunno about
that."
>> ...and I published it to pool.sks-keyservers.net
>
> Good, that seems to be the most reliable servers...
It is. :)
> Ehh... there are 2 ways to sign a key, local (non exportable) and
> "normal" (I don't know the name for that one).
Exportable and nonexportable.
> With local option, you sign the key to be able to send encrypted
> messages to that recipient, but you don't let other people know you
> trust that recipient.
More or less. An exportable signature means "I'm convinced this email
address really belongs to this person -- you can count on me."
For instance, my signature is on key 0xF34F9073. This is really a
statement to the world: "I'm convinced that [insert his email address
here] really belongs to Tristan Thiede." It's an easy statement to
make: I've known him for fifteen years, we have coffee once every couple
of weeks, and he read his key fingerprint off his laptop screen to me.
Thus, I'm convinced I (a) know Tristan and (b) have a correct copy of
his key.
Thus, if you need Tristan's key and you trust me, well, my signature on
that key could be very useful to you.
However, there are times when we don't want to vouch for someone's
identity. For instance, I've known John Clizbe for a few years now, but
only online. I've never met him in real life. I've never checked his
driver's license, never seen a passport. For all I know his real name
is Mortimer Snerd. Now, for all that, I think John is probably on the
level, so I've given his key a local signature. This is my way of
saying "yeah, as far as I'm concerned John is who he says he is, but I
don't have much evidence to back that up, so please don't rely on this
signature."
> Another option is to have the key in a web site _and_ in a
> keyserver... that way, people can download it from the website (and
> they can be more secure that it is the right key)
Not really. The way to make sure you have the right key is to check the
key fingerprint. If the key fingerprint matches up, then you have a
good copy of the key. It doesn't matter one whit from where you get it.
I am not a fan of people hosting their own keys and asking they be kept
off the keyservers. I have yet to hear a convincing argument for why
this is superior.
>> Also, can a key be signed by multiple people before it is uploaded
>> to a key server? (I'm wondering how 'key parties' work)
The answer to the question is 'yes'. :)
> From what I have read here, it is suggested to go to the 'key party'
> carrying a lot of pieces of paper with your key ID printed on it, and
> your ID card (you will need it to prove you really are you). Then,
> people see your ID card, see your face, compare them, and if they are
> convinced you are you, they take one of those pieces of paper and
> bring it home. Once at home, they take the papers, and begin to
> download and sign these keys, after that, they upload them to the
> keyserver, and that is all.
That's about right. The only thing I would add is to bring more than
one form of ID. An important step in the key signing process is not
just showing ID, but the signer deciding whether to accept the ID. For
instance, let's say we're at a keysigning party, and you present me with
a driver's license. I get the impression you're from South America:
Chile, Argentina, in there, although I don't think you've ever said so
explicitly.
I would hand the ID back to you. "Sorry. I don't know what a Chilean
driver's license looks like. I don't know if this is real. It would be
easy enough to fake."
So next, you hand me a passport with "República de Chile" stamped on the
cover. I visit the web site of the Chilean government, and check out to
see what the passport should look like and how I can spot a forgery.
Then I shake your hand, say "thank you very much," give you your
passport back, take your slip of paper with the key ID, and sign it later.
Passports are the gold standard for identity documents. Military ID
comes in a pretty close second, driver's licenses and university ID
distant third and fourth.
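
Added example, not part of the original message: the fingerprint check described above, for a version 4 OpenPGP key, whose fingerprint per RFC 4880 section 12.2 is a SHA-1 over the public-key packet. The key material, timestamp and helper names are constructed for illustration (the moduli are not usable RSA keys); the check accepts only a full 40-digit fingerprint, never a short key ID.

```python
import hashlib

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the packet body."""
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).hexdigest().upper()

def grouped(fpr: str) -> str:
    """Format in groups of four hex digits, as it would be read aloud or printed."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def normalize(text: str) -> str:
    """Strip whitespace and an optional 0x prefix from a typed or printed fingerprint."""
    text = "".join(text.split()).upper()
    return text[2:] if text.startswith("0X") else text

def fingerprint_matches(body: bytes, claimed: str) -> bool:
    """True only if the claimed text is a full 160-bit fingerprint of this key."""
    claimed = normalize(claimed)
    if len(claimed) != 40 or any(c not in "0123456789ABCDEF" for c in claimed):
        return False  # a short key ID is only the tail of the fingerprint
    return v4_fingerprint(body) == claimed

# Constructed sample data: the copy whose owner read out the fingerprint,
# and a different key that might be fetched from some other source.
CREATED = 1214848059
GENUINE = v4_rsa_public_key_body(CREATED, (1 << 2047) + 12345, 65537)
SUBSTITUTE = v4_rsa_public_key_body(CREATED, (1 << 2047) + 54321, 65537)

if __name__ == "__main__":
    spoken = grouped(v4_fingerprint(GENUINE))
    print("fingerprint read out by owner:", spoken)
    print("copy from keyserver matches:  ", fingerprint_matches(GENUINE, spoken))
    print("substituted key matches:      ", fingerprint_matches(SUBSTITUTE, spoken))
    print("short key ID accepted:        ", fingerprint_matches(GENUINE, spoken[-9:]))
```

The result depends only on the key bytes and the fingerprint, not on which server or web site supplied the copy.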