I generally agree with your points, but I'll reply your points even if
it's just slightly more secure.
Aryeh Gregor wrote:
Okay, great. So if someone shows up with an index
finger like yours,
there are two possibilities:
1) Someone forged this e-mail from you that I was relying on, and the
key I just signed is bogus.
*If* the real Jussi-Ville regularly reads this mailing list and doesn't
reply in a week, I think we can assume it's the same one
(Problem: Would mailman deliver a forged email to the subscriber? It may
also need a reply to be sure it arrives to his mailbox).
2) This e-mail from you is legitimate, so the key is
legitimate. But
in this case, why didn't you just skip the middle-man and include the
public key in your e-mail and have me sign it from there?
Getting a public key from someone who you've only communicated with
via e-mail can *never* be more secure than just getting the key via
e-mail somehow.
Suppose someone alledgedly Jay Walsh walks into the key signing.
-You could verify its face against
http://wikimediafoundation.org/wiki/File:Jay_Walsh_May_2008.JPG, which
has been uploaded by his user account.
You can apply the web of trust on real world. If also Brion and Tim are
there and they confirm that it is indeed Jay Walsh, you could believe
them, based on a prior presentation, their portraits or that their keys
are at
https://secure.wikimedia.org/keys.html, certified by Equifax.
(Although my browser claims that 'my connection to this website is not
encrypted')
As far as I'm concerned, you may as well not exist
in
real life at all. I've only read your e-mails. Your real-life
identity isn't necessary or even useful to my verification of the
identity I care about, viz., your e-mail identity.
Sure. If the mailing list is full of sockpuppets of the cabal we are all
doomed. :)
The secure way to do key-signing in situations like
this is to attach
a GPG signature to every e-mail you send. If you attach the same
public key to every single e-mail you send for a few years, then
there's no question about whether the key is yours. Whoever is
writing the e-mails is the one whose private key is used to sign the
mail, period. If all the e-mails you've ever sent are forged, and I
only know about you by reading the e-mails, then you *are* the forger
as far as I'm concerned.
This moves the issue as to when add to your keyring/trust a signature on
a random email. If you use to add all new signatures, you're bound to
accept a fake key on a seemingly inoffensive email, which although
forged, could perfectly have been sent by that person.
Similarly, my identity can be verified by the fact
that I've had
commit access and toolserver access for a couple of years based on my
private key. So you know (or at least, whoever has access to a secure
list of public keys of committers or toolserver users knows) that
whoever controls that private key is the one who's been doing all
those commits and things, which has pretty much got to be the same
person who's been posting on mailing lists and so on. *That* is
secure.
I don't think that list is public.
Key-signings are probably a fun social event, though,
even if they
aren't worth much from a security standpoint, so don't mind me. :)
Nobody really use them, so it isn't worth trying to break the system
yet, other than as a joke or proof-of-concept.
OTOH if money tranfers were routinely done based on pgp signed emails,
the panorama would change.
Tim Starling wrote:
Private keys can be compromised by anyone with a whim
and a few
thousand dollars, ...
How's that? The methods you mention are not specific of private keys.
The same could be said about any computer system. Does that mean that no
system is secure?
Access to place a big banner into WMF servers is probably worth more
than a few thousand dollars...
Given that proper security practices are followed, the only way *should*
be the $5 wrench.