[Freedombox-discuss] the FreedomBox 'bump' challenge

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 14 23:36:18 UTC 2011 

On 06/14/2011 06:29 PM, Lars Wirzenius wrote:
> That's not a whole lof of data, for full contact information plus
> an OpenPGP key. It's unrealistic to assume a whole key will fit.

I agree with Lars here; what everyone is used to calling an "OpenPGP
key" is in fact an OpenPGP certificate -- it contains one primary public
key and one or more user IDs (and zero or more subkeys); each user ID is
bound to the primary key by a set of certifications, by both the primary
key itself and by other people.

As more people certify your OpenPGP key+UserID, the overall certificate
grows larger, so there is certainly no guarantee that it will fit within
the constraints of a QRCode.

> Luckilyk, the PGP keyserver networks work pretty well, and
> there's other ways of distributing the keys, too. You can,
> for example, provide a URL to the public key.

I think it's a bad idea to encourage OpenPGP key distribution by URLs.

If you're looking for a shorthand, the full OpenPGP fingerprint of the
primary key is the shorthand to use; you can fetch full OpenPGP
certificates from the keyservers by fingerprint of the primary key, and
(most importantly) you can actually check that the key you retrieved
actually has the requested fingerprint.

This cryptographic validation step is critical for the integrity of the
process.

Serving the key by a URL without having the fingerprint available to
verify leaves you vulnerable to an attacker in control of the network,
who could substitute a different key entirely without your knowledge.

Of course, the fingerprint plus a URL would allow the recipient to
verify that it got the correct key.

If the concern is that you want to be able to transfer the full
certificate locally without relying on keyservers or any upstream link,
you could do something like the following:

 * assume both machines are on the same local wifi network, or are
bluetooth-capable
 * transmit the OpenPGP fingerprint via QR-Code/line-of-sight (this
prevents spoofing and snooping)
 * broadcast the certificate itself via wifi or bluetooth (since these
transports can accomodate the larger data sizes, even if they are
susceptible to spoofing/snooping)


If you want to avoid snooping as well as spoofing, you could transmit a
session nonce within the QR code, and broadcast the key encrypted with
the session nonce.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110614/1286c86b/attachment-0001.pgp>

More information about the Freedombox-discuss mailing list