Sorry, I forgot to copy the list.
From: Avi avi.wiki@gmail.com Date: May 8, 2007 1:18 PM Subject: Re: [WikiEN-l] Encrypted challenge-responses for PGP/GPG key users To: Gregory Maxwell gmaxwell@gmail.com
Which is why at most this would be signed level 2.
That is possible, on the other hand, you would ALSO have had to access Cyde's account and post on WP:ANI with what we were discussing, AND you would have had to compromise his e-mail account as well, simultaneously with his wiki account.
I'm not saying that I would give level 3, but between the challenge-responses through two completely different media, and the fact that I imported his key months ago, before you would ever have known that I wanted to perform a challange response with him, makes the possibilitiy you mention really, really minute.
Of course, it is still more likely than you forging a government-issued picture ID in his name, but not as likely any longer as just the standard MITM would be.
Thoughts?
--Avi
On 5/8/07, Gregory Maxwell gmaxwell@gmail.com wrote:
On 5/8/07, Avi avi.wiki@gmail.com wrote:
http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Inciden...
may not be a poor idea for some of us to either meet in person with out fingerprints, or at the very least perform encrypted challenge-responses with each other, to create a baseline for identification purposes.
I don't see how your encrypted challenge response isn't vulnerable to a MITM attack. ;)
I.e. I claim to be cyde and give you a key I control but which says 'cyde', then I got to cyde and give him a key claiming to be you.. then I proxy communication between you two. :)
The standard behavior for PGP web of trust is a verified identity exchange, i.e. person to person with a shown ID.
On 5/8/07, Avi avi.wiki@gmail.com wrote:
Sorry, I forgot to copy the list.
From: Avi avi.wiki@gmail.com Date: May 8, 2007 1:18 PM Subject: Re: [WikiEN-l] Encrypted challenge-responses for PGP/GPG key users To: Gregory Maxwell gmaxwell@gmail.com
Which is why at most this would be signed level 2.
That is possible, on the other hand, you would ALSO have had to access Cyde's account and post on WP:ANI with what we were discussing, AND you would have had to compromise his e-mail account as well, simultaneously with his wiki account.
I'm not saying that I would give level 3, but between the challenge-responses through two completely different media, and the fact that I imported his key months ago, before you would ever have known that I wanted to perform a challange response with him, makes the possibilitiy you mention really, really minute.
Of course, it is still more likely than you forging a government-issued picture ID in his name, but not as likely any longer as just the standard MITM would be.
Thoughts?
--Avi
On 5/8/07, Gregory Maxwell gmaxwell@gmail.com wrote:
On 5/8/07, Avi avi.wiki@gmail.com wrote:
http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Inciden...
may not be a poor idea for some of us to either meet in person with out fingerprints, or at the very least perform encrypted challenge-responses with each other, to create a baseline for identification purposes.
I don't see how your encrypted challenge response isn't vulnerable to a MITM attack. ;)
I.e. I claim to be cyde and give you a key I control but which says 'cyde', then I got to cyde and give him a key claiming to be you.. then I proxy communication between you two. :)
The standard behavior for PGP web of trust is a verified identity exchange, i.e. person to person with a shown ID.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
No system of security is ever perfect. But at least this way we'll have a fallback in case of disaster.
On 08/05/07, Avi avi.wiki@gmail.com wrote:
Which is why at most this would be signed level 2. I'm not saying that I would give level 3, but between the Thoughts?
On distrusting distrust: http://reddragdiva.livejournal.com/110312.html Reflux on distrusting distrust: http://reddragdiva.livejournal.com/110634.html
Webs of trust protect security like DRM locks up Hollywood's preciouussssss. Take care not to sell yourself snake oil.
- d.
On 5/8/07, David Gerard dgerard@gmail.com wrote:
On 08/05/07, Avi avi.wiki@gmail.com wrote:
Which is why at most this would be signed level 2. I'm not saying that I would give level 3, but between the Thoughts?
On distrusting distrust: http://reddragdiva.livejournal.com/110312.html Reflux on distrusting distrust: http://reddragdiva.livejournal.com/110634.html
Webs of trust protect security like DRM locks up Hollywood's preciouussssss. Take care not to sell yourself snake oil.
- d.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
Ah, but there's the difference. In something like this, you really do have an Alice, Bob, and Eve. In the case of Hollywood's precioussssss, Bob -is- Eve. That's what makes their scheme cryptographically impossible. But when you've got someone you don't give the key to (however black-boxed it may be), and don't want to have it, you do stand a decent chance of keeping them locked out.
On 5/8/07, David Gerard dgerard@gmail.com wrote:
On distrusting distrust: http://reddragdiva.livejournal.com/110312.html Reflux on distrusting distrust: http://reddragdiva.livejournal.com/110634.html
Webs of trust protect security like DRM locks up Hollywood's preciouussssss. Take care not to sell yourself snake oil.
If someone has physical access to your system, it's pretty easy to install a keylogger or a trojanned application and have it send things signed as you that you didn't actually write.
Signing and webs of trust just mean that then when you say it wasn't you, NOBODY BELIEVES YOU.
-Matt