Why I don't have a GPG key

January 16, 2007

In theory I ought to be just the sort of person who has a GPG key; after all, I'm geeky, quite aware of how easy it is to impersonate people on the Internet, reasonably concerned about privacy, and so on. But in practice I don't have one because I don't feel I could keep it secure enough for what people believe a digital signature implies.

As a system administrator, I get to be quite aware of all the ways that a bad guy could attack the machines I want to use GPG on. For example, even if I just used GPG on my office workstation (instead of the multi-user machine where I actually read most of my email), the workstation is on the Internet, it runs various services, it allows remote logins, I browse the web from it, I view PDFs on it (there have been PDF viewers with exploitable security problems), and it's only moderately physically secure. That's a lot of potential exposure.

This doesn't matter for normal email and the like, because people are prepared to believe that it can be forged, or someone can manage to log in as you, or whatever. But I think that people have been persuaded to have far more trust in digital signatures, enough trust that the consequences of my digital signature getting compromised are too (potentially) severe for me to feel comfortable. People really seem to feel that a valid GPG signature is a guarantee that something is not forged.

(Yes, talk about strong non-repudiation makes me twitch.)

One may argue that I am unlikely to be attacked to get my GPG key. There are two answers to this. First, I don't have to be attacked specifically; most machine compromises are happy to just hoover up anything they can get their hands on, passwords and keys included, and most crackers are happy to collect any vulnerable machine, no matter how small it looks initially. Second, the more weight and non-repudiation and so on people put on my GPG key, the more valuable it is to an attacker, and thus worth targeting moderately specifically. (And we know that people are launching carefully targeted attacks these days.)

Thus, all in all I consider it significantly safer at the moment to have no GPG key.

It's a pity, because I would really like lightweight digital signatures as a protection against SMTP spoofing and the like (and I think we would be significantly better off in such a world). But that's not going to happen until we train people out of heavily trusting digital signatures, and I think that's going to take people getting burned fairly badly by their current beliefs. And I'd rather not play the role of the unfortunate forged victim in that scenario, because it's not going to be a comfortable one.

(Another reason I am jumpy about the security of my theoretical GPG key is that I am sufficiently nervous about forgetting really important and non-recoverable passwords that I want to have them written down in a secure place. Which is of course against all of the principles they tell you about keeping your GPG key safe.)

Written on 16 January 2007.
« Configuring VLANs on Fedora Core
A grump about the socket module's SSL support »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Jan 16 23:43:33 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.