Delivery-Date: Fri, 19 Feb 2016 12:13:06 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7F99B1E0C75;
	Fri, 19 Feb 2016 12:13:03 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D6C0F3982B;
	Fri, 19 Feb 2016 17:12:58 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id F0BFB3982A
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 17:12:54 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 6AzM89--PuZP for <tor-talk@lists.torproject.org>;
 Fri, 19 Feb 2016 17:12:54 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id CF8F83980B
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 17:12:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=KOR18tXROw9taUq3/YM3i8KkPG8GsP0lSWdiU96L1jw=; 
 b=pA846h3mgPynuovicPzCnBMAXB9ttimaHnW/2hvjeQ/chSVUUTtgsGUtEBzdApLanj2+jYnnkbkrQCspS0nZbXJHa9Z5jlx3PSlA27GIH2IIgwm7dDGkTye9WtyYcWcSCip7ACmaOhyd/01BcPhg++rdMsne8P6jVcGzIaMDwec=;
Received: ; Fri, 19 Feb 2016 09:12:51 -0800
Date: Fri, 19 Feb 2016 09:12:50 -0800
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20160219171249.GE7036@mail2.eff.org>
References: <CAD--ZDVZECJ+gcx5MF51VTJ97pMzzROSVrDmpR7L1F-_hOF1OA@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAD--ZDVZECJ+gcx5MF51VTJ97pMzzROSVrDmpR7L1F-_hOF1OA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] PGP and Signed Messages,
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Nathaniel Suchy writes:

> I've noticed a lot of users of Tor use PGP. With it you can encrypt or sign
> a message. However how do we know a key is real? What would stop me from
> creating a new key pair and uploading it to the key servers? And from there
> spoofing identity?

The traditional answer, which amazingly nobody has mentioned in this
thread, is called the PGP web of trust.

https://en.wikipedia.org/wiki/Web_of_trust

In the original conception of PGP, people were supposed to sign other
people's keys, asserting that they had checked that those keys were
genuine and belonged to the people they purported to.

This is used most successfully by the Debian project for authenticating
its developers, all of whom have had to meet other developers in person
and get their keys signed.  Debian people and others still practice
keysigning parties.

https://en.wikipedia.org/wiki/Key_signing_party

This method has scaling problems, transitive-trust problems (it's possible
that some people in your extended social network don't understand the
purpose of verifying keys, or even actively want to subvert the system),
and the problem that it reveals publicly who knows or has met whom.  For
example, after a keysigning party, if the signatures are uploaded to
key servers, there is public cryptographic evidence that all of those
people were together at the same time.

So there is a lot of concern that the web of trust hasn't lived up to
the expectations people had for it at the time of PGP's creation.

People also don't necessarily check it in practice.  Someone made fake
keys for all of the attendees of a particular keysigning party in
2010 (including me); I've gotten unreadable encrypted messages from
over a dozen PGP users as a result, because they believed the fake key
was real or because software auto-downloaded it for them without
checking the signatures.

If you did try to check the signatures but didn't already have some
genuine key as a point of reference, there's also this problem:

https://evil32.com/

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

