

PGP/GnuPG June Key Analysis 70
Drew Streib writes: "In the spirit of some work begun by Neal McBurnett a few years ago, there is a June report of keys from global keyservers. This report covers about 1.5 million keys, from a 1.7GB public binary keyring, focusing on keys that are nearest the center of the web of trust. Using a GnuPG key? This will tell you where you stand in the overall rankings, as well as signatures to look for. Not using one? Maybe you should be." This would be worth reading for the explanation of the analysis alone.
Any report on... (Score:3)
Don't you just wanna SHOOT those people!?!
- A.P.
--
I'll use GPG... (Score:4)
Good IMAP support (most stable I've seen)
SIMAP and SSMTP support
Graphical (hey, if I'm using X, may as well use it)
Cross platform (can use it under Windows or Linux)
..while I'm at it, roaming profile support in mozilla would be nice too.
Re:PGP at work: (Score:1)
_____
Sam: "That was needlessly cryptic."
Re:I'll use GPG... [it's being done] (Score:3)
This is a fascinating bug, BTW. Discussion about NSA security policy, an NAI developer offering his time for the feature, and the effect the patch would have on the tree.
It's highly unlikely (based on the history and state of 0.92) that the patch will make it into the main build, but if you are brave and foolhardy you can try out the code yourself.
GnuPG/PGP Not Completely Compatible? (Score:2)
I've heard from a reliable source that GnuPG has compatibility issues with PGP. Messages signed/encrypted by one aren't always correctly handled by the other.
Anyone know if there's an issue here, and what it actually is?
Schwab
Re:What's wrong with search.keyserver.net? (Score:2)
The key servers talk HTTP on port 11371. There's also a way to do requests by e-mail, but I don't know the details of how that works.
Most depressing fact of analysis... (Score:2)
Since a self-signed key is no more reason to trust the key than finding it on a scrap of paper in the road, this allows us to compute the PGP clue of people using PGP keyservers.
And this is from the part of the population that has the clue to install PGP and find the "upload" button.
Not encouraging.
Lutz Donnerhacke on 33? shows the danger (Score:1)
to sign his key even though they never met him.
It shows how successful (and thus meaningless)
this web of trust is if you don't know the people
in that web personally. A high ranking in this
list can still be easily obtained, as Lutz has
shown.
Re:Lutz Donnerhacke on 33? shows the danger (Score:1)
with CCC/Cypherpunks/Hacktic that got requests
to sign his key. I guess originally it all stemmed
from the failed keysigning party at Hip'97.
(failed because DDT never published the material)
I guess I'll see Lutz and HAL2001, and he can
explain it
Paul
7 degrees... (Score:1)
Read the disclaimer (Score:2)
True, trust is not transitive and anyone can sign my key without even knowing me. But the fact is that very few people actually do that, so for statistical purposes only it still means something.
-
Re:What is the point of Public Key Servers (Score:1)
Electronic vs. physical identity (Score:1)
People are confusing physical and electronic identity.
My driver's license may prove that I'm John Q. Public, residing at 123 Cherry Tree Lane. Seeing it may be considered proof that I'm the person I represent myself as, if in fact I'm representing myself as John Q. Public, residing at 123 Cherry Tree Lane.
How would seeing that prove that I am the electronic identity I represent myself as? How do you know that maps to johnqp@lameisp.com? Perhaps it is jqpublic@otherisp.net. Perhaps both. Perhaps neither.
The reliance upon physical identity "proofs" to somehow certify electronic identity is fundamentally flawed and can/will be exploited in subtle manners to facilitate a Man in the Middle attack. (BTW, MitM attacks are also part of the reason for self-signed keys, questioned in another post.)
Since people seem to be unable (for some reason) to get their minds around the difference between physical and electronic identities being unrelated, think for a moment about how one would get one's gnupg key signed, if one's email address was doglover@pets.org.
Re:Any report on... (Score:1)
There's a difference between signing and sending an encrypted message, though. The whole point of signing is so that you can verify with someone's public key that the message really came from whom it says it came from. Unless I were to sign all my messages to you with your key, all my messages to Bob with Bob's key, etc., but that would get ugly.
Or am I misunderstanding something basic here?
Caution: contents may be quarrelsome and meticulous!
Re:PGP at work: (Score:2)
Tell them you'll quit as soon as those managerial types quit sending you email with random VB scripts attached :)
Caution: contents may be quarrelsome and meticulous!
Re:Most depressing fact of analysis... (Score:1)
---
Re:Keys with at least one outside sig (Score:1)
Using unverified public keys is still better than doing nothing. You're vulnerable to MITM attacks, but those require at least some sophistication on part of attacker. It protects you from casual mail-spool snoopers, etc. So it raises the bar. That alone is good enough reason to use it.
And if it gains popularity, things will get better. Right now, people have URLs and email addresses on their business cards. Maybe someday, PGP fingerprints will be on there too. Distant(?) future: Someone physically hands me a card with their fingerprint on it, and that fingerprint matches what I get from a keyserver. Then I'll know that key really goes with the person who handed me the card.
I don't know how to do signing parties either. Need intersection of geographical closeness with crypto-cluefulness and lack of apathy about privacy issues. I have no idea how to find people in that set.
---
Re:PGP at work: (Score:1)
I know you think you're joking, but that's only because you presumably don't work in an environment where management might think your suggestion was a really good idea, and want you to implement it immediately!
Re:Trust is not transitive (Score:2)
"Alice must make a decision in her own mind about whether Carol is a trusted signer."
"Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed."
You seem to be contradicting yourself. I agree with you up until the second last paragraph. Alice has a good key for Carol because she trusts Bob to sign keys. But the trust stops there - she shouldn't trust Carol to sign keys! As you said originally, she should know Carol and judge for herself if she can be trusted to sign keys.
Re:kmail and PGP (Score:1)
I have 372 mails in my kmail sent-mail folder and I have yet to get a question about the strange text at the beginning and the end of my messages...
I have even convinced one of my business partners to get a key so I could send him confidential information by email...
Q.
Re:In fairness.... (Score:1)
1. Uploaded a key.
2. Realized they don't personally know anyone else who uses crypto email and haven't heard of any keysigning parties anywhere nearby.
3. Are waiting for inspiration to strike.
:-(
Re:GnuPG/PGP Not Completely Compatible? (Score:1)
Mutt sends nice, new PGP/MIME messages. The friend with whom I communicate the most via GnuPG/PGP uses Outlook, which has no PGP/MIME support. So all of my messages to him are difficult to handle in Outlook, and all of his messages to me are a pain to decrypt in Mutt.
*sigh* When will we all be using a modern standard? There's just no chance that he'll switch to Eudora.
Re:With all these keys, why is communication so ha (Score:1)
The problem (Score:1)
I have to admit being part of this problem, as my key has been signed by only one other person. The reason: most of my friends don't use encryption, and I haven't heard of any key-signing parties in my area.
How is protecting your fundamental rights boring? (Score:1)
Today, thanks to Carnivore and Echelon, we are facing a future when our primary means of sending text messages, Email, is searchable and readable by the government without our knowledge.
We all have a duty to prevent that Orwellian future. This means adopting encryption and making it widely used. And this report is about how well (or poorly) we are doing that.
I don't know about you, but to me, protecting our privacy is immensely important.
Keysigning (Score:2)
If anyone is interested in NYC/Long Island, let me know!
Re:Keys with at least one outside sig (Score:2)
With all these keys, why is communication so hard? (Score:1)
Re:Trust is not transitive (Score:1)
Re:I'll use GPG... (Score:2)
------
Huh?? (Score:2)
Whaaaa???? And people still buy it? Are they nuts? What kind of security manager would recommend buying closed-source security packages?
------
Re:Whatabout spamming? (Score:1)
Re:What is the point of Public Key Servers (Score:1)
socialite (Score:2)
"...In my own self plug, my own key sits at #1555 with an MSD of 5.4901. I'm just back from a key signing party though, so we'll see how it moves next month..."
Mom: Johnny! What's that smell?
Johnny: What? It's nothin'...
Mom: Come over here. Let me see your eyes.
Johnny: C'mon, cut me some slack...
Mom: They're as red as an apple! Johnny...were you at one of those 'key signing' parties again??
Johnny: No Mom...Leave me alone!
Mom: What did I tell you about hanging around those crypto friends of yours. Are you back on PGP again?
Johnny: Go away! I hate you! You don't understand! *snort*
Mom: If you're not careful you're going to catch something one of these days!
Re:I'll use GPG... (Score:2)
Mozilla mail doesn't work for me, period. It sure looks like it would be nice to use, but when I enter my data and hit "check mail" it just sits there and drools. No idea why. Kmail works just fine.
Re:PGP at work: (Score:1)
"This message has been digitally signed using the PGP protocol as proof of its authenticity. The following block of characters is the verifiable signature. Please see [insert url for pgp/gpg/whatever here] for more information if you would like to check this signature."
Although that wording may still be too technical for the complaining "managerial types."
---
Re:PGP at work: (Score:1)
---
Drew Streib, dtype.org [dtype.org]
Re:GnuPG/PGP Not Completely Compatible? (Score:2)
---
Drew Streib, dtype.org [dtype.org]
Self-signed keys *are* useful (Score:3)
I put my ID fingerprint on my business card, then my key on the keyserver. If somebody who has my card wants my key, they download it and compare the fingerprints. If they don't have my card, they can call me and read out the fingerprint, or verify it through some other means that is more trustworthy than email.
Self-signatures also prevent third parties from adding another email address to my certificate and submitting it back to the server. If each email address on a certificate is self-signed, only the possessor of the private key could have added those IDs to the key.
The web of trust is one way of verifying that a key really belongs to a particular principal, but it is not the only way. Flexibility is one of the ways PGP wins over other public-key infrastructures (with PGP you are not forced to trust all the parties in the trust web). If you roll your own offline verification method, you don't even need to trust any of them.
Re:Trust is not transitive (Score:1)
Re:What is the point of Public Key Servers (Score:1)
PGP at work: (Score:2)
Damn managerial types.
-----------------------------------------
Improve your stats - Keysigning Party HOWTO (Score:1)
Re:kmail and PGP (Score:2)
This is a good thing. If people ask about the text on the bottom of your message, then you can tell them about encryption and why it is a good idea to use it. It's not just that people don't want the hassle, some of them just may not know that encryption exists for the masses.
Enigma
Re:Whatabout spamming? (Score:1)
keyserver.net and wwwkeys.pgp.net synced? (Score:1)
Re:How is protecting your fundamental rights borin (Score:1)
Anyway, about PRZ and incompatibility: Will there be incompatibility between OpenPGP [openpgp.org] applications? I mean, will NAI really have any option but to comply with OpenPGP? After all, most PGP users think of PRZ as a man with very high integrity, and will not use anything that comes out of NAI if it isn't completely OpenPGP compliant. If businesses still trust closed source, that's their problem, but wouldn't widespread use of OpenPGP force compliance? (I haven't read the RFC, so I must admit I don't know if it does....)
Re:What's wrong with search.keyserver.net? (Score:1)
What's wrong with search.keyserver.net? (Score:2)
I have configured gpg according to the webpage on the topic [keyserver.net], but it just responds:
gpg: error sending to `search.keyserver.net': eof
I have e-mailed the webmaster, but no response. I had a few responses from the gnupg-users mailing lists, but nobody knows anything to resolve the problem. I have even tried to talk HTTP to it. It seems like it just won't listen. Is the server broken?
Everything works fine with wwwkeys.pgp.net, though.
Re:GnuPG/PGP Not Completely Compatible? (Score:1)
Re:PGP at work: (Score:3)
Have you considered putting a sig on the end stating that it's digitally signed? .. maybe why it's a good thing. (I do that sometimes.)
===
Re:Any report on... (Score:1)
So, obviously, in order to do that, you would sign the message with your private key, so that the person can then use your public key to verify it.
kmail and PGP (Score:1)
But when I signed my messages "everyone" started asking about the strange text at the bottom of my messages........
This technology has not been "integrated" enough
to make it a default standard.
Most people just want to send and read mail....
Re:Any report on... (Score:1)
In fairness.... (Score:1)
a) created their public key
b) uploaded it
c) had it signed by their mate(s)
d) didn't refresh the keyserver, but just updated their own keyring
But I still like the 11% statistic.
Keys with at least one outside sig (Score:1)
Only about 11 per cent of the keys have outside sigs, so for most of the keys you cannot trust the identity of the keyholder at all.
From a mathematical point, the "web of trust" is certainly a nice idea, as it scales very well. In practice, however, it is obviously too difficult to get one's key signed. How would you do it ? Travel to a key-signing party ? Too expensive, except if you live in some blessed place. Ask around in your neighbourhood, like "Hey, do you have a PGP key, and if yes, would you sign mine ?" - not very likely to work. I have considered using a CA nearby, but they only sign PGP 2.6.3 keys ...
It would be nice if someone (gnupg.org ?) would run a list where people can enter their name and address, indicating that they are willing to sign, such that others could look up a potential signer in their area. I know Debian has something like that, but there are just a handful of people on their list, spread all over the world - not really too useful.
Re:What is the point of Public Key Servers (Score:1)
I'd wonder how people would rate if I talked about 'Passport Service'(Score:5 Funny as hell)?
 _
Re:Trust is not transitive (Score:2)
Say a root CA A issues CA B, which in turn issues CA C. Carol's public key is digitally signed with CA C. Since Alice only has root CA A, which comes with her browser by default (like Verisign), Alice then uses CA B to verify CA C, then uses root CA A to verify B. By this transitive relationship Alice can then trust Carol's public key as she can trust root CA A.
Too bad applying for a personal/server CA from root CA like Verisign is quite expensive. A free public key server is still very important to us.
 _
Re:What is the point of Public Key Servers (Score:4)
I wonder why this was mod'd as 'Funny'. It's a pretty good question.
It's not like 'centralizing' security responsibility as in 'Passport' services. It's a part of key management/key distribution in a public-key encryption system.
In layman's terms, having a centralized public key repository could help maintain higher security compared with requesting a public key from an individual by email.
Say you'd like to send a confidential message to A, and you start by requesting A's public key from him; if an intruder is listening to your email, and learns from your initial public-key request mail that you are going to have a secure transfer, then the intruder might be able to impersonate A and send you a fake public key.
There are more issues to it; I just gave you a very simple example... anyway, I hope it helps.
 _
Re:PGP at work: (Score:1)
That will make them want to keep their password private!
Re:Widespread encryption: is it the answer? (Score:3)
What is the point of Public Key Servers (Score:2)
Trust is not transitive (Score:3)
What this means is that if Alice trusts Bob to sign keys, and Bob trusts Carol, Alice does not automatically trust Carol. She may not even know Carol. Just because Bob trusts her, that doesn't necessarily mean that Alice should trust her.
After all, Alice is trusting Bob to accurately sign keys. She judges in her own mind how trustworthy and reliable he is at this task. How likely is he to screw up and sign a bogus key? These are the issues she considers.
To have transitive trust, she needs to make a much more careful evaluation of Bob. She must decide not just how good he is at mechanically verifying keys, but also how good a judge of character he is. If she were going to trust Carol just on his say-so, she would need to know that he is able to judge good key signers. This is a different type of skill than just being a good key signer. It is a people skill, not a technical one.
For these reasons and more, PGP does not use transitive trust. If Alice trusts Bob as a signer, and he signs Carol's key, Alice concludes that she has a good key for Carol, that is, a key that truly belongs to Carol and not someone else. But she does not conclude that Carol is a good signer. PGP software will not treat signatures Carol makes as valid.
Alice must make a decision in her own mind about whether Carol is a trusted signer. Only if Alice marks Carol's key as trusted will Carol's signatures then start being effective. In PGP, it is the end user who makes the decisions about trust.
Because PGP uses non-transitive trust, the metric in the dtype.org article is not very relevant. It doesn't matter if there is a chain of signatures from Alice to Zelda, because that will not make Zelda's key trusted. Alice (and every other end user) needs to decide for themselves which keys they will trust.
What, then, is the role of the "Web of Trust" in PGP? It works like this. In the example above, suppose Alice knew Carol and did in fact want to trust her. Well, to trust her she needs her key. But how does she know that she got the right key? This is where the web of trust comes in.
If she gets Carol's key from the key server and it is signed by Bob, whom Alice knows and trusts, she can conclude from this that she has Carol's true key. She can then mark this key as a "trusted introducer" (in PGP terminology) and at this point, signatures issued by Carol's keys are trusted by Alice.
The web of trust played a part, by helping Alice to know that she had a good key from Carol. She didn't have to call Carol up and verify fingerprints, she didn't even have to sign Carol's key. Bob's signature on Carol's key was enough to know that the key was correct.
Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed. She knows that these keys are correct as well, and possibly some of those key holders are people Alice will also trust as introducers. In this way the Web of Trust gets extended, but each person makes his or her own trust decisions.
I hope this clarifies how the Web of Trust works in actuality.
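The distinction drawn in the comment above, between having a good key for someone and trusting that person as a signer, can be modelled in a few lines. This is an added illustration, not part of the original comment and not PGP's or GnuPG's own code; the names, the sample signatures and the single "fully trusted" level are assumptions made to keep the model small.

```python
from collections import defaultdict, deque

# Constructed sample: (signer, signed key) pairs forming one unbroken chain.
SIGNATURES = [("alice", "bob"), ("bob", "carol"),
              ("carol", "dave"), ("dave", "zelda")]


def _index(signatures):
    """Map each signer to the set of keys that signer has signed."""
    signed_by = defaultdict(set)
    for signer, subject in signatures:
        signed_by[signer].add(subject)
    return signed_by


def chain_exists(owner, target, signatures):
    """True if some path of signatures leads from owner to target.

    This is pure connectivity, the thing a keyring-wide ranking measures.
    Nobody's trust decisions are consulted.
    """
    signed_by = _index(signatures)
    seen, queue = {owner}, deque([owner])
    while queue:
        for subject in signed_by[queue.popleft()]:
            if subject == target:
                return True
            if subject not in seen:
                seen.add(subject)
                queue.append(subject)
    return False


def valid_keys(owner, signatures, trusted_introducers):
    """Keys the owner can treat as really belonging to their named holder.

    A signature counts only when the signing key is itself valid AND the
    owner has personally marked that signer as a trusted introducer.
    Being validated never confers introducer status.
    """
    signed_by = _index(signatures)
    valid, frontier = {owner}, [owner]
    while frontier:
        signer = frontier.pop()
        if signer != owner and signer not in trusted_introducers:
            continue  # good key, but its signatures carry no weight
        for subject in signed_by[signer]:
            if subject not in valid:
                valid.add(subject)
                frontier.append(subject)
    return valid


if __name__ == "__main__":
    # Alice trusts only Bob: Carol's key is good, Carol's signatures are not used.
    print(sorted(valid_keys("alice", SIGNATURES, {"bob"})))
    # Alice decides for herself to trust Carol too: Dave's key becomes good.
    print(sorted(valid_keys("alice", SIGNATURES, {"bob", "carol"})))
    # A chain to Zelda exists either way, yet Zelda's key is never validated.
    print(chain_exists("alice", "zelda", SIGNATURES))
```

Marking a key as a trusted introducer has no effect until that key is itself valid, which matches the comment's "once Alice has a good key for Carol and marks it as trusted".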
Re:But GPG still does same thing when using blowfi (Score:2)
Well, no. "Security through obscurity" doesn't help much against a dedicated attack; since this is the only type of attack you need to worry about when you're using reasonably strong crypto, there's no loss in admitting the type of encryption. With only a handful of popular algorithms (and those not equally likely), you'd only be gaining one or two bits worth of security were you to hide the algorithm. It isn't worth the trouble.
But still, when I encrypt data with one of the symmetric ciphers (-s) and specifically selecting the algorithm (blowfish, serpent, aes, etc.) with the --cipher-algo switch it produces some encrypted file which when I decrypt... does NOT require me to specify the cipher algo, yet still knows when I put in the wrong password.
This could still be accomplished by trying each of them and reporting failure if none of them worked. But in fact, the PGP file format [demon.co.uk] simply stores the information. Blowfish, etc. are handled similarly [demon.co.uk].
What does any of THIS have to do with public/private key ciphers?
Nothing. In my first post I was just addressing your question about how it could "know" if you had a bad key, without weakening the encryption.
-- MarkusQ
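As an added illustration of "the file format simply stores the information" (not part of the original comment and not GnuPG's code): a small parser for the OpenPGP Symmetric-Key Encrypted Session Key packet, which records the cipher in the clear. The sample bytes are constructed; the field layout and algorithm numbers are taken from the OpenPGP specification (RFC 4880), and the function names are hypothetical.

```python
# Algorithm identifiers as assigned in the OpenPGP specification (RFC 4880).
CIPHERS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256"}
SKESK_TAG = 3  # Symmetric-Key Encrypted Session Key packet

# Constructed sample: old-format header (0x8c), length 13, version 4,
# cipher 4, iterated+salted S2K (type 3), hash 2, 8-byte salt, count 0x60.
SAMPLE = bytes.fromhex("8c0d04040302" "0102030405060708" "60")


def read_header(data):
    """Return (tag, body_offset, body_length) for the packet at data[0]."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet: high bit clear")
    if first & 0x40:  # new-format header: tag in the low six bits
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled here")
    n = 1 << ltype  # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")


def parse_skesk(data):
    """Decode the cleartext fields of a version 4 SKESK packet."""
    tag, off, length = read_header(data)
    if tag != SKESK_TAG:
        raise ValueError(f"expected packet tag 3, got {tag}")
    body = data[off:off + length]
    if len(body) < length or length < 4:
        raise ValueError("truncated packet")
    version, cipher_id, s2k_type, hash_id = body[:4]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    if s2k_type not in (0, 1, 3):
        raise ValueError(f"unknown S2K type {s2k_type}")
    info = {
        "cipher": CIPHERS.get(cipher_id, f"unknown({cipher_id})"),
        "s2k_hash": HASHES.get(hash_id, f"unknown({hash_id})"),
        "s2k_type": s2k_type,
    }
    if s2k_type in (1, 3):  # salted variants carry an 8-octet salt
        if len(body) < 12:
            raise ValueError("truncated salt")
        info["salt"] = body[4:12].hex()
    if s2k_type == 3:  # iterated: one coded octet gives the byte count
        if len(body) < 13:
            raise ValueError("missing iteration count")
        c = body[12]
        info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info


if __name__ == "__main__":
    print(parse_skesk(SAMPLE))
```

Everything the parser returns is read without the passphrase, which is why decryption needs no `--cipher-algo` option.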
A grossly oversimplified explanation. (Score:3)
The public key is based on a number that is the product of two large primes. The private key is based on the primes.
When you attempt to decrypt the message you are in effect asserting "The public key was divisible by these two numbers." At that point it is easy to check, and say either "you are right, here's the plain text" or "nope, it isn't divisible by them." Thus GPG can tell when you put in the wrong key, since multiplying two numbers and comparing them to a third is easy. (Note again: this is a gross oversimplification to just nail down the point in question. There are a LOT of details beyond this.)
Notice that this does not mean that it is easy to "work out" the factors of the large number; the whole basis of this system is that it's easy to check an answer, but there are more potential answers than you could possibly check (and a few other details, such as the fact that checking a subset does not provide any information about the unchecked values, etc.).
Hope that helps.
-- MarkusQ
Re:What is the point of Public Key Servers (Score:1)
That's called asymmetrical encryption. It's the reason PGP and similar cryptosystems are very convenient to use. Go get PGP or GPG and RTFM, you'll probably think it's pretty cool stuff.
99 buckets of bits on the wall...
Re:How is protecting your fundamental rights borin (Score:1)
Network Associates PGP has never been known for standards compliance; NAI has "joined" the Open PGP Alliance, but we will have to wait and see if they are really interested in cleaning up their act in this area.
Given that Network Associates have decided not to release the source code for PGP 7.x, the "latest & greatest" Win32 PGP version, I have my doubts about NAI's willingness to "do the right thing" with regard to standards compliance. If these decisions were up to the developers, I am sure that we would already have full source for PGP 7.x and that a standards compliant version from NAI would already be in the works. But the marketroids have the final say, and they seem to be saying, "Welcome to the complete Microsoft business model."
99 buckets of bits on the wall...
Re:How is protecting your fundamental rights borin (Score:2)
Network Associates PGP is closed source, as of release 7.x. Phil Zimmermann has left Network Associates' payroll, citing "philosophical differences" over the direction of PGP's development. (Can we say, "Ironclad non-disclosure & noncompete clauses"?) In the crypto world, this means that NAI PGP is dead and buried, though one can still decently use versions up to 6.5.8. We can hope that Network Associates management will come to their senses, but not expect it. PGP was great while it lasted, but as of 2001 it's over.
GPG is going to be the new standard, beyond question. Those who care about the issues that crypto addresses-- privacy, security, non-repudiation, and anonymity (remailers use PKI technology)-- need to put some focus on the fact that the vast majority of public key crypto users are still PGP users. In the transitional period following the de facto death of NAI PGP, compatibility is the single most important issue. GPG and PGP key formats are partially incompatible and often fail to inter-operate.
From the standpoint of crypto advocacy, the incompatibilities between GPG and PGP create a logistical nightmare. It's hard enough to try to persuade "normal" people to use PGP; asking them to deal with two incompatible standards is simply impossible. You might as well tell them, "Crypto is beyond your reach, forget all about using it unless you are a computer professional." Or tell them that it's OK to use closed source crypto and just ignore all the Bad Things that this implies.
The PGP user community, made up largely of non-geeks, will largely disappear along with PGP itself, unless they are assisted in the transition to GPG. What they want and in many cases need, is Win32 binaries (already available), GUI front ends for Win32 (none yet exist, at least nothing comparable to the "PGP Tray" utility), and most of all, "legacy" support for PGP keys (not available and AFAIK not even planned). I personally have not published and do not use a GPG key, because I still have to maintain full compatibility with PGP users.
Enough rant for now. Send your Windows oriented users to http://home.mpinet.net/pilobilus/EZ_PGP.htm [mpinet.net] if they are having trouble getting started with PGP. If you think my position has some sense in it, let the GPG developers know: because I want to take that PGP tutorial page DOWN sometime soon, and replace it with a GPG quick-start tutorial: One that the same kind of people who write to thank me for the existing page, will still be able to understand and use.
99 buckets of bits on the wall...
Three-tiered solution (Score:2)
And given the topic (privacy), no corporate or government agency will bother to invest in and standardize on a palatable service.
Without both the people, the government, AND corporate backing, no such mechanism can be considered a true success.
Whatabout spamming? (Score:1)