[tor-talk] PGP and Signed Messages

Seth David Schoen schoen at eff.org
Fri Feb 19 17:12:50 UTC 2016


Nathaniel Suchy writes:

> I've noticed a lot of users of Tor use PGP. With it you can encrypt or sign
> a message. However how do we know a key is real? What would stop me from
> creating a new key pair and uploading it to the key servers? And from there
> spoofing identity?

The traditional answer, which amazingly nobody has mentioned in this
thread, is called the PGP web of trust.

https://en.wikipedia.org/wiki/Web_of_trust

In the original conception of PGP, people were supposed to sign other
people's keys, asserting that they had checked that those keys were
genuine and belonged to the people they purported to.

This is used most successfully by the Debian project for authenticating
its developers, all of whom have had to meet other developers in person
and get their keys signed.  Debian people and others still practice
keysigning parties.

https://en.wikipedia.org/wiki/Key_signing_party

This method has scaling problems, transitive-trust problems (it's possible
that some people in your extended social network don't understand the
purpose of verifying keys, or even actively want to subvert the system),
and the problem that it reveals publicly who knows or has met whom.  For
example, after a keysigning party, if the signatures are uploaded to
key servers, there is public cryptographic evidence that all of those
people were together at the same time.

So there is a lot of concern that the web of trust hasn't lived up to
the expectations people had for it at the time of PGP's creation.

People also don't necessarily check it in practice.  Someone made fake
keys for all of the attendees of a particular keysigning party in
2010 (including me); I've gotten unreadable encrypted messages from
over a dozen PGP users as a result, because they believed the fake key
was real or because software auto-downloaded it for them without
checking the signatures.

If you did try to check the signatures but didn't already have some
genuine key as a point of reference, there's also this problem:

https://evil32.com/

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
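The two failure modes the mail describes, trusting a key that no genuine key has certified and fetching a key by a short ID that several keys share, can be shown with a small model of web-of-trust validity. The Python below is an added example, not part of the mailing-list thread and not code from any PGP implementation; all fingerprints, user IDs and certifications in it are constructed and made up, and the validity rule (a key is valid only if a key that is already valid has certified it, within a maximum certification depth) is a simplification of what PGP software actually does.

```python
"""Toy web-of-trust validity check over constructed (made-up) keys.

Models two points from the mail: a key is only as good as the certifications
on it from keys you already hold as genuine, and a key identified by a short
key ID may not be the key you think it is.
"""
from collections import deque

# Constructed fingerprints (40 hex digits, the shape of a v4 OpenPGP
# fingerprint). None of these are real keys.
ALICE = "1111222233334444555566667777888899990000"
BOB = "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"
CAROL = "0123456789ABCDEF0123456789ABCDEF01234567"
# Impostor keys carrying the same user IDs. The fake Carol key shares its low
# 32 bits with the genuine one, so the two collide on short key ID.
FAKE_BOB = "9999888877776666555544443333222211110000"
FAKE_CAROL = "FEDCBA9876543210FEDCBA9876543210" + "01234567"

KEYRING = {
    ALICE: "Alice <alice@example.org>",
    BOB: "Bob <bob@example.org>",
    CAROL: "Carol <carol@example.org>",
    FAKE_BOB: "Bob <bob@example.org>",
    FAKE_CAROL: "Carol <carol@example.org>",
}

# Certifications as (signer, signed) pairs. The impostor keys certify each
# other, as a set of fake keys on a keyserver could, but no key we hold as
# genuine has certified either of them.
CERTS = [
    (ALICE, BOB),
    (BOB, CAROL),
    (FAKE_BOB, FAKE_CAROL),
    (FAKE_CAROL, FAKE_BOB),
]


def short_key_id(fpr):
    """Low 32 bits of the fingerprint: the traditional 8-hex-digit key ID."""
    return fpr[-8:].upper()


def lookup_by_short_id(keyring, kid):
    """Every key whose short ID matches; more than one means the ID is ambiguous."""
    kid = kid.upper()
    return [fpr for fpr in keyring if short_key_id(fpr) == kid]


def resolve(keyring, identifier):
    """Resolve a full fingerprint or a short key ID to exactly one key, or refuse."""
    identifier = identifier.replace(" ", "").upper()
    if len(identifier) == 40:
        if identifier not in keyring:
            raise KeyError("fingerprint not in keyring")
        return identifier
    if len(identifier) == 8:
        matches = lookup_by_short_id(keyring, identifier)
        if len(matches) != 1:
            raise ValueError(f"short key ID {identifier} matches {len(matches)} keys; "
                             "compare the full fingerprint instead")
        return matches[0]
    raise ValueError("expected a 40-digit fingerprint or an 8-digit short key ID")


def valid_keys(roots, certs, max_depth=5):
    """Map each valid key to its distance from the roots, or omit it if not valid.

    Roots are keys whose fingerprints you verified yourself (for example in
    person). Every other key becomes valid only if an already-valid key has
    certified it, and only within max_depth certification steps. Signatures
    made by keys outside this set count for nothing, which is why a ring of
    fake keys certifying one another never becomes valid on its own.
    """
    signed_by = {}
    for signer, signed in certs:
        signed_by.setdefault(signer, []).append(signed)
    depth = {fpr: 0 for fpr in roots}
    queue = deque(roots)
    while queue:
        signer = queue.popleft()
        if depth[signer] >= max_depth:
            continue
        for signed in signed_by.get(signer, []):
            if signed not in depth:
                depth[signed] = depth[signer] + 1
                queue.append(signed)
    return depth


def is_valid(fpr, roots, certs, max_depth=5):
    """True if fpr is reachable from the roots under the rule above."""
    return fpr in valid_keys(roots, certs, max_depth)


if __name__ == "__main__":
    valid = valid_keys({ALICE}, CERTS)
    for fpr, uid in KEYRING.items():
        status = f"valid (depth {valid[fpr]})" if fpr in valid else "NOT valid"
        print(f"{short_key_id(fpr)}  {uid:28}  {status}")
    try:
        resolve(KEYRING, short_key_id(CAROL))
    except ValueError as err:
        print("lookup by short ID:", err)
```

Run as a script, it lists which keys become valid when only Alice's key is held as genuine: Bob and Carol do, the two impostor keys do not, even though they carry the right names and certify each other. The last lines show the short-ID lookup for Carol refusing to pick a key because two candidates match. Note that if one of the fake keys were itself taken as a root, the whole fake ring would validate, which is the "no genuine point of reference" problem the mail ends on.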

