ietf-openpgp

Re: The purpose of this mailing list

1997-09-12 12:05:58
At 11:57 AM 9/12/97 +0100, Ian Brown wrote:
   b) PGP, in effect, uses e-mail addresses as its DNs. Ultimately, as Carl
   Ellison's SPKI work says, a PGP certificate represents a cyberspace
   entity, not a physical one. The most we can logically certify on a key,
   in a large-scale PKI, is that the public key represents a user within a
   domain who receives e-mail at that address. For example, my public key
   ID is 'Ian Brown <I.Brown@cs.ucl.ac.uk>' - but unless I meet you
   personally and give you a copy of my fingerprint/full key, there is no
   way to make a connection between the virtual and physical me. And
   really, there is little need to. All that is needed - which DNSSEC could
   provide - is a guarantee by the cs.ucl.ac.uk domain that the public key
   you possess really does belong to the person who receives mail at
   I.Brown@cs.ucl.ac.uk.
   
   However, it will not be nearly as easy if we use a SDSI solution where
   the public key IS the DN. If I receive a PGP-encrypted message and know
   only (say) the key ID, with a distributed system, where do I go to
   retrieve the key? I think if we are to go the SDSI/SPKI route, we need
   to embrace it wholeheartedly - so there just will not be a global
   namespace, and so little need for keyservers.
   
   Apologies if this is gibberish, but trying to reconcile DNSSEC, SDSI,
   SPKI, X.509 and PGP is making my head spin a bit!
   
This isn't gibberish at all. It's closely related to a number of issues
we've been dealing with.

I agree and disagree with your statement, "PGP, in effect, uses e-mail
addresses as its DNs." I agree in that an Internet Email Address *is* a DN.
There are a couple of obvious issues that cause people to stress over
admitting this (for example, multiple people could use a single email
account), but these same issues are there for any other form of DN (let's
face it, even if you solve the DN problem, there are corresponding gray
areas like the DN for the tech support group of XYZcorp, or the fact that
the mail sent to a Famous Person is likely to be read by an aide, or that in
many households there is one partner whose task it is to do the bills and
who thus will read mail addressed to someone else).

Email addresses are DNs, but email addresses are not the sole DN that PGP
uses. A PGP cert can have many email addresses attached to it. Yes, I am
aware of the apparent contradiction of a cert having many DNs. I'll point
you to some of Carl's work on naming, and frankly I don't see a problem
with a cert having multiple DNs, but that's me.

The way that PGP users identify keys is by key fingerprint. Yeah, it also
uses keyid, too, but this is the "real" way that we PGP users verify a key
-- we check fingerprint. So you can consider the fingerprint to be a DN. 

But wait, there's more. If you have two PGP certs that contain the same key
material, PGP will merge them. I think this needs to change sooner or
later, but that's the way things are presently. So from this aspect, the
truest DN is the key itself. The notion that the fingerprint or key itself
is the truest DN sounds pretty SPKI/SDSI-like to me. 

Carl likes to ding PGP for being name-centric, and I hiss at him every time
he does, because I don't think it is. The last time we talked (last week at
the W3C meeting in Belgium), I pointed out that in his talk he said that
the *only* application of PKC where names are important is email. Well?
What is PGP used most for? What are we trying to grow it past? Email. So
what's the big deal? 

The biggest advantage a PGP cert has is the way that it is "agile" as
I've heard some people call it. If you want to look at how you fit PGP into
a world that thinks names are important, you can use an email address as a
DN. If you want to use PGP in a world where keys are important, use the
fingerprint (or key proper) as a DN. No biggie. In fact, one of the central
points of the way the web of trust is organized relates directly to
resolving this apparent dichotomy. The PGP software, since its earliest
days, manages this apparent dichotomy. The beauty of PGP as a PKI is that
it can easily bridge an X.509-like, name-centric world to a SPKI-like,
key-centric world.

        Jon



-----
Jon Callas                                         jon@pgp.com
Chief Scientist                                    555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                          Suite 570
(415) 596-1960                                     Redwood Shores, CA 94065
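Jon's layering of PGP identifiers (email address as a user ID, fingerprint, key ID, and finally the key material itself, with certs sharing key material merged) can be made concrete. The following is an added example, not code from the thread or from PGP: it builds a minimal version 4 Public-Key packet body, computes the v4 fingerprint as later standardized in RFC 4880 section 12.2 (SHA-1 over 0x99, a two-octet length, and the packet body) and the 64-bit key ID (the low-order 64 bits of that fingerprint), then merges certs by fingerprint. The key integers, creation time, and user IDs are constructed placeholders, not real key material; the `Cert` class and `merge_certs` function are illustrative and model only the merging behaviour Jon describes, without the self-signatures real PGP user IDs carry.

```python
import hashlib
from dataclasses import dataclass

# All sample values below are constructed for illustration. The integers are
# tiny placeholders standing in for RSA n and e, not usable key material.


def mpi(n: int) -> bytes:
    """Encode n as an OpenPGP MPI: two-octet bit count, then big-endian magnitude."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created: int, algo: int, *mpis: int) -> bytes:
    """Body of a version 4 Public-Key packet: version, creation time, algorithm id, MPIs."""
    return b"\x04" + created.to_bytes(4, "big") + bytes([algo]) + b"".join(mpi(m) for m in mpis)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 s12.2: SHA-1 over 0x99 || two-octet body length || body, as upper-case hex."""
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low-order 64 bits, i.e. the last 16 hex digits, of the fingerprint."""
    return fingerprint[-16:]


@dataclass
class Cert:
    """Hypothetical minimal cert: one public key plus the user IDs attached to it."""
    key_body: bytes
    user_ids: list

    @property
    def fingerprint(self) -> str:
        return v4_fingerprint(self.key_body)


def merge_certs(certs):
    """Merge certs carrying identical key material, taking the union of their user IDs.

    This models the behaviour the message describes: the key itself is the identity.
    It checks no self-signatures, so any user ID riding on the same key is merged in
    unverified, which is the weakness the message says should change.
    """
    merged = {}
    for cert in certs:
        fpr = cert.fingerprint
        if fpr not in merged:
            merged[fpr] = Cert(cert.key_body, [])
        for uid in cert.user_ids:
            if uid not in merged[fpr].user_ids:
                merged[fpr].user_ids.append(uid)
    return list(merged.values())


RSA = 1  # OpenPGP public-key algorithm id for RSA
CREATED = 0x34198F40  # constructed creation timestamp

# Same (toy) key material under two different user IDs, plus an unrelated key
# that claims the same email address.
ALICE_KEY = v4_public_key_body(CREATED, RSA, 0xC0FFEE123456789ABCDEF01, 0x10001)
OTHER_KEY = v4_public_key_body(CREATED, RSA, 0xDEADBEEF123456789ABCDEF01, 0x10001)

ALICE_WORK = Cert(ALICE_KEY, ["Alice <alice@example.org>"])
ALICE_HOME = Cert(ALICE_KEY, ["Alice <alice@example.net>"])
IMPOSTOR = Cert(OTHER_KEY, ["Alice <alice@example.org>"])  # same address, different key


def demo():
    """Merge the constructed certs and show that identity follows the key, not the address."""
    merged = merge_certs([ALICE_WORK, ALICE_HOME, IMPOSTOR])
    for cert in merged:
        print(cert.fingerprint, key_id(cert.fingerprint), cert.user_ids)
    return merged


if __name__ == "__main__":
    demo()
```

Running `demo()` yields two certs, not three: the two Alice certs collapse into one with both addresses, while the impostor's cert stays separate because its fingerprint differs even though its user ID matches. That is the point of the message in code: the email address is one DN on the cert, the fingerprint is how users actually check it, and the key material is what PGP ultimately keys on.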