On Fri, May 21, 2004 at 09:17:04AM -0400, Andy Stewart wrote:

HI all,

I recently received an email from Jeff Moyer on the WLUG list. Kmail noted that the digital signature was valid but untrusted (I thought that feature was broken - why is it suddenly working??). I had downloaded Jeff's key from the key server.

What establishes this key as trusted? Certainly, if I had signed Jeff's key myself, I would trust it, but in this case, I did not. I also don't know anybody who has signed Jeff's key.

When you sign someone else's public key, your are explicitly stating that you trust that the identity string contained in that pubkey accuratelly identifies the person who created the signature and knows the secret passphrase to the private key.

Do I need to place a personal value on keys which I've downloaded? Hypothetically, what if I downloaded it from some rogue server masquerading as the real thing?

There's no need to throw a rogue server into the picture. One thing to note about the PGP keyservers - they do absolutelly no authentication at all. Anyone can store any key identifying themselves as anyone at all, and the keyservers will take it. All I have to do is generate a new key pair identifying myself as Jeff Moyer, upload it, and if you search for Jeff on the keyservers, both his and mine will appear. This is the purpose for having key signing parties. By having people physically show up with both their key fingerprints and verifiable evidenice of who they are, you can establish within reasonable doubt that *this* key belongs to this person, regardless of what the identifying strings in the public key advertise.

What I suspect is that if I signed Joe Blow's key, and Joe had signed Jeff Moyer's key, and I had placed a value on Joe's ability to properly verify keys, that there would be some implication about the goodness of Jeff's key. Correct?

Correct - this is the "web of trust" in operation. Note that in order for this to work, everyone must have uploaded their signed public keys to the keyservers, and then must periodically refresh their local public keyring from the keyservers to get an up to date list of who has signed who'se keys. gpg only generates its internal web of trust (stored in the trustdb) based off of the local keyring.

In my situation, I suspect that there are too many degrees of separation between keys which I trust and Jeff's key and its signers. How does this gap get closed?

There are probably missing links, if such a path exists at all. Let's say that you signed Bob's key, Bob signed Charlie's key, and Charlie signed Jeff's key. Since you signed Bob's key, you presumablly have declared it trusted. If you haven't downloaded Charlie's key, though, then gpg can't find a path to Jeff, so it will declare his key as untrusted. To try and close this, you must first find out what other keys have signed the signature you're trying to get to. I'll use Theo's key as an example here (with lots of snipping, since he's got a big keyring). tty/10 1002 erwin 09:34:56 $ gpg --list-sigs felicity pub 1024D/E580B363 1997-11-09 Theo Van Dinter <felicity@kluge.net> sig F74F343D 2003-11-01 [User id not found] sig C52DCE75 2003-11-01 [User id not found] sig 3 R CCE3BD36 2003-08-23 [User id not found] sig 3 E2E88CEC 2004-04-23 Frank Sweetser <fs@wpi.edu> sig 898AA63C 2004-04-23 Doug Mildram (Born under 4.2BSD) <doug.mildram@mindspeed.com> These are a few of the keys in Theo's public keyring, which I have a copy of from the public keyservers. I can see my own in there, and Doug's, since my keyring contains keys corresponding to those fingerprints. The ones marked as "User id not found" are ones that I don't have. I can search the keyserver either by going to a web interface such as http://pgp.mit.edu/ using gpg --search-keys tty/10 1003 erwin 10:03:16 $ gpg --search-keys 0xF74F343D gpg: searching for "0xF74F343D" from HKP server pgp.mit.edu Keys 1-4 of 4 for "0xF74F343D" (1) Richard Johnson <rjohnson@ucar.edu> 1024 bit RSA key F74F343D, created 1995-08-18 (2) Richard Johnson <rjohnson@medialab.com> 1024 bit RSA key F74F343D, created 1995-08-18 (3) Thawte Freemail Member <rjohnson@ucar.edu> 1024 bit RSA key F74F343D, created 1995-08-18 (4) Richard Johnson <Richard.Johnson@medialab.com> 1024 bit RSA key F74F343D, created 1995-08-18 Enter number(s), N)ext, or Q)uit > 1 gpg: key F74F343D: public key "Richard Johnson <rjohnson@ucar.edu>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) pub 1024D/E580B363 1997-11-09 Theo Van Dinter <felicity@kluge.net> sig F74F343D 2003-11-01 Richard Johnson <rjohnson@ucar.edu> sig C52DCE75 2003-11-01 [User id not found] sig 314514EE 2003-11-01 [User id not found] [etc...] If I know who to look for in between , I can then find a path to the signature I'm looking for. Unfortuatelly, there's no good way that I know of to automatically find the shortest trusted path between to keys. -- Frank Sweetser fs at wpi.edu WPI Network Engineer GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

There's a good explanation with more of the nitty gritty details in the online manual at http://www.gnupg.org/gph/en/manual.html#AEN335 -- Frank Sweetser fs at wpi.edu WPI Network Engineer GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC