Subject: Re: key trust management (Re: adding gpg to src/gnu/dist)
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 05/15/2004 13:05:10
[ On Saturday, May 15, 2004 at 10:56:27 (+1000), Daniel Carosone wrote: ]
> Subject: key trust management (Re: adding gpg to src/gnu/dist)
>
> I can, in a strict x.509 hierarchical model, implement a web of trust.
> [[....]]
> 
> Now, one of the ICA's I set up is the "NetBSD user Web-of-Trust
> CA". Under this CA, my criteria for signing x.509 certs are that I
> receive a CSR signed by a PGP key (of matching name) that has achieved
> enough points to be valid according to my PGP web of trust. PGP (with
> my personal ownertrust settings) is the RA.

So, how would you do this _without_ the existing PGP web of trust?

> Thawte's "freemail" s/mime certificates work in a somewhat similar
> manner - the CA issues certs based on trust settings that are
> accumulated in a web-of-trust manner between users, with a points
> scheme.  I tend to call it "Certrimetics" because it has a surface
> similarity with the various MLM schemes, but it's a practical and
> effective illustration of the point.

But if I understand correctly it's still not a true web-of-trust.
There's still one root certificate that ultimately has to be trusted.

There is no one root in the PGP web-of-trust (especially if people do
some regular, even if random, out-of-band verification of key
fingerprints for any keys they've retrieved from public key servers or
other potentially untrusted sources such as "finger" or SMTP).

> As far as I'm concerned, no *signature* is likely in
> itself to make the signed file less secure.

That's a good point!  :-)

> What will detract from the scheme, and potentially make things less
> secure, is if it is too complex for end users to understand, and
> particularly if implementation mistakes allow automated tools to apply
> inappropriate trust to the usage of various certificates or keys.

Indeed.

I think end users do already understand the x.509/SSL scheme, but that's
because there's a societal basis for trusting the root CA(s) _and_
there's an existing mechanism for making it easy for end-user software
to verify signatures against those root CA(s).  If I understand
correctly that would not, and could not, be true for a stand-alone
NetBSD-CA, at least not without the assistance of PGP, so ultimately end
users would need some PGP software anyway (and all end users should get
some PGP software for other purposes!).

I think end users also can intuitively understand the PGP web-of-trust
because it's based on an even deeper, almost animal, basis for how it
works in real life, _and_ we have an existing key server infrastructure.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
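
The scheme quoted above (a CA that signs a CSR only when it is signed by a PGP key of matching name that is valid under the operator's own ownertrust settings) can be sketched as follows. This is an added example, not part of the original message or of any NetBSD or GnuPG code. It is a simplified model that assumes GnuPG's classic defaults (one fully trusted or three marginally trusted signers, depth 5); all key ids, names and the `ra_accepts` rule are constructed for illustration.

```python
# Simplified model of PGP key validity driving an RA decision.
# All key ids, names and signatures below are constructed sample data.
FULL, MARGINAL = "full", "marginal"
# GnuPG classic trust model defaults: completes-needed, marginals-needed, max-cert-depth.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

def valid_keys(my_key, certs, ownertrust):
    """Key ids considered valid from my_key's point of view.

    certs: key id -> set of key ids that certified it.
    ownertrust: key id -> FULL or MARGINAL (the RA operator's personal settings).
    """
    trust = dict(ownertrust, **{my_key: FULL})  # my own key is the trust anchor
    valid = {my_key}
    for _ in range(MAX_DEPTH):
        newly = set()
        for key, signers in certs.items():
            if key in valid:
                continue
            # A certification only counts if the signing key is itself valid.
            counted = [trust.get(s) for s in signers if s in valid]
            if (counted.count(FULL) >= COMPLETES_NEEDED
                    or counted.count(MARGINAL) >= MARGINALS_NEEDED):
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

def ra_accepts(csr_name, signer_key, user_ids, valid):
    """Hypothetical RA rule: CSR signed by a valid key whose user id matches."""
    return signer_key in valid and user_ids.get(signer_key) == csr_name

OWNERTRUST = {"ALICE": FULL, "BOB": MARGINAL, "CAROL": MARGINAL, "DAVE": MARGINAL}
CERTS = {
    "ALICE": {"ME"}, "BOB": {"ME"}, "CAROL": {"ME"}, "DAVE": {"ME"},
    "ERIN": {"ALICE"},                  # one fully trusted signer
    "FRANK": {"BOB", "CAROL"},          # only two marginal signers
    "GRACE": {"BOB", "CAROL", "DAVE"},  # three marginal signers
    "MALLORY": {"UNKNOWN"},             # signed only by a key outside the web
}
USER_IDS = {k: k.title() + " Example" for k in CERTS}
VALID = valid_keys("ME", CERTS, OWNERTRUST)

if __name__ == "__main__":
    for key in sorted(CERTS):
        print(key, ra_accepts(USER_IDS[key], key, USER_IDS, VALID))
```

The X.509 certificate issued on acceptance still chains to the single CA root; only the registration decision comes from the web of trust.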