-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jun 16, 2003 at 02:34:26PM -0700, Trevor Perrin wrote:
I could be wrong, but it seems like PGP keysigning often happens without
Proof-of-Possession of the corresponding private key. For example, at PGP
keysigning parties, I think it's common for people to attest that a
fingerprint really belongs to them, but not have to produce signatures with
the corresponding private key.
That is true. Some people (like me) send a challenge to the email
address in the user ID, and require that the key owner sign the
challenge before I'll sign the key. There are a few variations on
this basic idea, some more rigorous than others.
Is there a risk that Alice could trick someone into certifying that Bob's
public key belongs to her? Then someone receiving a signed message from
Bob might incorrectly think it came from Alice.
Not really, since when Charlie certifies key X, he isn't certifying
that it belongs to anyone other than the string in the user ID.
Assuming Bob doesn't have a user ID "A-L-I-C-E", this shouldn't be a
problem ;)
Of course, it is possible for Alice to attach her own name to Bob's
key as a second user ID, but that user ID wouldn't be selfsigned and
so it would be difficult to get someone else to sign it.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE+7j/X4mZch0nhy8kRAiDvAJ4z56NpKT36kiqPTwt7emS63xxJOACeOfpN
NR6yO0oWFrs032JQjE4E1As=
=z0lH
-----END PGP SIGNATURE-----