ietf-openpgp
[Top] [All Lists]

Re: The purpose of this mailing list

1997-09-16 16:35:13
At 11:56 AM 9/15/97 -0400, Marc Horowitz wrote:
   Jon Callas <jon(_at_)pgp(_dot_)com> writes:
   
   I see one problem with this approach, and that is in looking up keys.
   If we use the email address as the DN, then DNS will make an excellent
   mechanism for looking up keys.  Of course, email addresses have
   certain problems as DN's, as Carl will point out of I don't.  If we
   think of the key as the DN, then we avoid those problems, but create a
   different one: given a signature, how do I find the key to use to
   verify it?  Past solutions are to carry certs around within every
   message, which is inefficient, or to have a global index, which
   doesn't scale.
   
   We need to solve this problem.  One option which comes to mind is to
   include a "domain name" for the a pgp cert RR with the message instead
   of the cert itself; this does not need to be signed, as the message
   verification will fail if it is modified.  Unfortunately, this has the
   problem that cert domain names may change or go away, making
   verification in the future difficult unless a long-term cert cache is
   kept near the message.
   
Actually, it is good to do both. Here's a quick example:

Suppose I want to send a message to my old college roommate, Tom. Unlike
Carl Ellison's quandry with his old roommate, Bob, I know precisely which
Tom he is. I know his name, address, email address, and phone number. I
just don't have his key. Using his email address as a DN with which to look
up his key is reasonable. Tom, on the other hand, should be able to use his
key with whatever user name (including no user name) he wants, depending on
the situation.

Once I have his key, I want to see if it's valid. The PGP software will do
this for me, and looks up each certification signature of his key using an
8-byte key id. If I phone Tom up to hand-verify it, then we'll use the
fingerprint. Each of these is a form of DN, and each has its place.

I concur that carrying around certs with messages is a bad solution. Some
machanisms for this actually increase the ability for people to do traffic
analysis on messages and carry plaintext information in the cert that makes
it worse than useless. If my PGP-encrypted mail carried in it my home
address and phone number, I think I'd stick to plaintext.

        Jon



-----
Jon Callas                                         jon(_at_)pgp(_dot_)com
Chief Scientist                                    555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                          Suite 570
(415) 596-1960                                     Redwood Shores, CA 94065