European Workshop on Trust & Identity

In cooperation with GeantLogo184x80


  • Session 30 - Why I Hate PGP (and better alternatives)

    Session 30 <Why I Hate PGP (and better alternatives)> (13:30/Room K6)


    Abstract:In a post-Snowden society, protecting your private company and personal information is more important than ever. But rather than blindly jumping into encryption, we'll take a look at how (and why) tools like PGP/gpg were created, their purpose, and what their purpose is NOT. We'll also address some of the issues that come up with the so-called Web of Trust.

    Tags: Crypto, Trust


    Self-presentation: why encrypting is an issue / Anti-surveillance policies in the US / iddsc / Snowden as a catalyst / crypto party & crypto wars of the 90s

    History of cryptography

    • Modern cryptography & classic cryptography -- symmetric cypher (one key to encrypt the message, problem: how does the key come to the receiver?)
    • 1976: public paper clock key, algorithm: one key to encrypt, one key to decrypt (private & public key) - the issue with this: I have a private key, the other one should send me something encrypted, so I go to the key server, get the key, and can get the message / problem: to many in the middle.
    • Example: Micah Lee: he didn't trust the key stores for the exact reason - we don't know where the key comes from - so instead he sends an e-mail to the receiver to confirm that that key doesn't belong to a (lawyer?)
    • Crypto-party: an example: you want to generate a key, what I said earlier about real name policy of Google, fb etc., why do I have a problem with this? / GPG page and key signing guidelines?

    What is the problem?

    • They could be a fake
    • You're forced to trust in the government - it creates an illusion that the trust that is issued by the government would be more valid than anything else;
    • This idea that there's a key I want to show is trustworthy and I sign it, and I put levels from 1 to 3 or 4 / what does it mean? - Absolute nothing.
    • What do trust levels mean? (PGP trust levels)
    • What are you verifying? - On a governmental document?
    • I couldn't find any issues on governmental (websites?)

    Definition: what does it mean to trust a key? What does trust mean?

    • Direct trust - individual
    • Hierarchical trust -
    • Cumulative trust - different ways to verify or someone you already know/who already works for you and you are pretty sure it's them.

    RFC - (looking up RFC 4880 "OpenPGP message format) Signature types

    Loose definition, probably left open by standard writers intentionally

    Search results on the MIT-tool for a key ("oxd255...")

    • You get a list of all the keys that have trusted this key
    • This creates information (?)
    • Public key store means that it is public, so anyone can use it

    I created a trust tool:

    Example "pgpring –S -k keystore" output

    - Possible to have multiple identities with the sub field

    OpenPGP Message Format principle -- I made it easier and converted it to a text file, matches up all the elements, whether it's public key or something else. It is defragmented for the user.

    What email providers have "secure" users?

    • Gmail - 334,333
    • Hotmail

    What news organisations have "secure" users?

    • wall street – 18
    • new York times – 159
    • Fox news - 3

    What "intel" agencies have "secure" users?

    • - 54
    • - 39
    • .mil 7,908
    • - 28
    • - 0

    How do universities use PGP?

    Frequencies: Seem to be rather trial than actual use.

    Who has signed the most keys? if you are a new user and use a key by default it stores the private key and compromised your security.

    Participant: So they have a copy of a private key?

    It's perline party, targeted, binary / I understand why you are upset with them, it's a struggle, they have a noble mission to make it easier.

    I agree, it's not only me, having your private keys stored anywhere else is compromising of your security. E.g. a PGP encryption, there's principle of mathematics - key instructed is that you have 2 public keys who share the 3rd prime

    Interesting talk about key factoring that was referenced in the talk: title)

    Participant: What I've never understood is having a store of keys

    -: the trust store, the key store is completely useless. My tool is not online right now.

       (Explanation of the key)

    Also means you can do a neighbour kind thing, Meta data, and have interesting connections with that.

    Participant: I disagree, those are 2 different kinds of trust paradigms. One is public, you can change it. Trusting keys is establishing some initial relationship.

    Answer: PGP issue: if you show up, have trusted key -- the data is still there, internet never forgets them.

    Participant: But that is impossible to solve.

    Answer: PGP is a fantastic tool for encrypting, but bad for privacy and anonymity.

    Participant: Based on names, it is completely unreliable.

    Participant: What's frustrating is that the government requires us for getting rent from them, but many researchers are from other countries, and many other countries have different requirements for names. One thing that makes trust hard on internet lies in us being human beings, we're organic stuff, we meet and see each other, and you can't do that online.

    Answer: I don't agree, when we're chatting, we are establishing and have established relationships. Example: how Anonymous changed in the chat room and how other in the chat room realized his change in behaviour.

    Participant: And in the trust-PGP-context it doesn't mean to trust a person, it means trusting a key!

    Participant: If I enter "Edward Snowden has this key" (...)

    Participant: What do you think about your knowledge in public key store, people actually communicating with each other there?

    Answer: In the key store you can

    1. Connect to each other, sign the key randomly

    2. Time stamp for when a key was signed is difficult issue (state now, state 10 years ago)

    And PGP was created in the early 90s..

    Participant: the data we get to another zone is very small

    Answer: The issue is not so much signing keys, but posting them publicly.

    Participant: I think that one of the biggest trust contributions PGP made was that for the first time a reliable crypto reached mass market.

  • Session 32 - Rebooting the Web of Trust

    Session 32 <Rebooting the Web of Trust> (14:15/Room K2)

    Convener:Markus Sabadello

    Abstract:We discussed a recent event called "Rebooting the Web of Trust", which explored modern technologies (crypto, blockchain, self-sovereign identity). The ambitious goal of the event was to come up with better alternatives to traditional PGP, TLS, name registration, and other Internet services. One of the key projects is to create a blockchain-based registry for permanent identifiers that anyone can use without intermediaries. The community will publish a set of white papers and hold additional events in 2016.

    Tags: Trust, Crypto, Archtecture



    Black chain-based registry for identifiers à public keys DPKI

    Instead of rent + buy a domain name: new model of handling identifiers

    Talk about an event in San Francisco, couple of weeks ago


    • PGP 25th anniversary. A lot of people are not using this and cryptology in general
    • X.509 model - problems: trust hierarchy in certificates.
    • SSL - problematic X.509 CA model
    • Naming: email addresses, you never really own a name. You can only rent a domain name, not buy it.

    New layer, new architecture that can fix these problems

    Some of the people who attended the event in SF: Christopher Allan, Jon Callas (one of the creators of PGP), Bit coin-involved people, Juan Benet. Working on advanced, cutting-edge crypto-protocols.

    Idea: come up with ideas as individuals. Own our own identity.

    Technologies that are being discussed (SAML, trust frameworks + federations) - you never own something, you're only ever part of a federation (there's authorisation manager, etc.)

    In PGP: you create your own private key without a SP

    You get started by yourself. Don’t have to pay an account. PGP, SSL etc. try to do it better

    Event: all participants submitted papers about what they're interested in: folder of these papers.

    Some are pretty advanced: signatures, mark signatures, distributed file systems, semantic web technologies, trust models etc.

    Might be interesting to create a new kind of way to do what we currently do with PGP

    Security can be combined

    User-centric identity is quite common but: self-sovereign identity - new expression people come up with. You don't need anyone else to get started. You can participate in a system without signing up.

    • Johan: how can they communicate with you? What about the key?

    Ongoing process. There’ll be an outcome. One of the documents (DPKI - decentralised public key infrastructure): method for registering your key with an identifier in a block-chain

    • Rik: how to ensure there aren't collisions?
    • Johan: even though you got a public key, (...)
    • Aud 2: combination is the trick.

    What exactly is it that you put into a block-chain?

    One approach: first come, first surf. Public key à then it's your identifier. Someone else can't come after you. You can always write it into a block-chain even though another one already has done it.

    You got identifier, you don’t have to manually change

    • Johan: if I create a public key. How do they know I’m attached to the public key.

    I can tell you my identifier is 'Markus', or a Twitter user name.

    Is anyone familiar with the SUCCOS? Triangle?

    Having names like twitter user names in a way that is not controlled by a single authority. Doesn’t enable block-chains.

    Not saying that you can’t have all of these properties, it’s just not very likely:

    Desirable attributes for identifiers (usernames, domain names, IP,)

    • Human readable
    • globally unique
    • decentralised

    Pseudonyms are just local.

    Maybe we don't want global identifiers. Maybe I just need local identifiers for my friends. You got a name, so I know it’s you. You can link them.

    For example:

    (Addresses the audience) you're Johan and you're Rik.

    Human readable name: Rik who is known by Johan. Mechanism.

    • Aud: what if Rik doesn't want him to know him? (ha, ha)
    • Rik: limitations + scalability problem: solution?

    There’s articles on that. e.g., how secure are block chains?

    Extract from paper: "can be vulnerable if you look at the number of nodes that are mining. Whatever is the smallest number, is the vulnerability of the block chain" if you can compromise any of these, you can compromise the block chain. Recommendation in the paper: use multiple block chains. Supposedly decentralised - you register your identifier etc.

    But err...what was the question?

    • Rik: There’s the public block chain. Do you have other distributed proof of trust? diff communities operating diff proof
    • Public block chain can scale.

    Objective of the event in San Francisco: do create permanent identities? How to eliminate identities? How do you take yourself out of the circulation if you're dead?

    • Aud 3: what if somebody deletes the block chain? -- They’ll have to delete a whole lot.
    • Johan: Name coin. But THIS is more generic. You can put things in multiple block chains.

    Registration doesn’t expire. What happens when you die? You can encode these rules in the block chain thing. When you create such a registry, then you can just agree on these rules and say that it's in the consensus.

    There’s a project that experiments with that, it's called 'blockstore', created by a company that is called “onename” on the Bitcoin block chain. Putting things on the block chain: approach that you store most of your data outside the block chain. This project is trying to create the higher level component (higher semantics etc.) via Bitcoin. You can register a name but you have to renew it every couple of years.

    • Rik: do you still own it? Or do you have to pay?

    You have to pay your bit coin payment, other than that no fee.

    'Registration is always done directly by the principle'. Registration services that work on behalf of services is prohibited -> you use your own server/machine, like with java script. Use Bitcoin in your browser and then put it into the blockchain. Cannot technically be prevented.

    • Aud 3: are there reliable Javascript implementations?

    Testing tool for trying repairing your keys. (Registry playground for BIP32, BIP39,...)

    Idea: creating some kind of object that you put on the block chain. That’s where you have your public key. You can generate it yourself, then register it.

    Demo BIP32: interesting ideas from the Bitcoin community. Bitcoin improvement proposal.

    39: creating a key pair from a phrase (number of words), not a new idea but you can create a random sequence of words and then create your key pair. Either you download your private key or you remind your key or print your QR code. To make it easier not lose your private key.

    32: about hierarchical deterministic keys. Start with a master key pair, derive at another key (grandchildren keys). You can start generating new key pairs without registering new stuff on the block chain.

    • Johan: can you use the key for a one-time-usage? Give my key to you for a limited time
    • Aud: it's a time constraint, not use constraint

    You also say what data can be used.

    Example: I send you 0.5 Bitcoins, in my wallet: not a lot of keys. You just have to create one key, can create child key pairs too. From this perspective, it's a different key that is used.

    Every friend I have: I can just use a derived child key.

    HD key - but a bit off-topic.

    Concept of think lions:

    Full node: in a block chain means you run a full server, you're invalidating all the transactions, you need to be online, you need to have storage etc. not easy on a smartphone.

    If you want to register to a block chain on a smartphone, you can't run a full stack of the block chain. You need a think lion (so you can register things and your reg. is valid).

    • Good idea but got a lot of issues, like moving money.

    Same challenge like a Bitcoin wallet. You’re not running a full node, not running a full protocol.

    • Johan: why can’t it be built into the wallet? That’s the place it would fit into.

    It’s similar but it’s not about Bitcoin but registering and identifying with a public key.

    In the article: what if they lose their phone, backups etc.

    Shamir secret sharing: sharing it with people you trust (3 best friends are given parts of my private key). They will have to return it to me if I lose mine.

    Instead of splitting up my key and distribute them, I can make my friends create a new one for me (instead of getting back my old one).

    • Aud: I hope your friends don't die or get arrested :-)
    • What if they decide they're not your friend anymore? Hopefully you still got other ones.
    • Rik: combining centralised key chains with the blockchains - that way you had have comfort in knowing it's professionally administered.

    There doesn't have to be friends but a more official thing.

    • Rik: was it a compelling event? What are the next steps?

    White papers are going to be published in December.

    Something about the articles:

    • Smart signatures. Within a key/signature, you encode these rules. It's about signatures, verification mechanisms.
    • 1 non-technical as well.
    • 1 'Identity 20-20' project: digital identities for the most vulnerable and excluded members of society, e.g. refugees and homeless people. If your government throws away your passport, you only have a smartphone. How can you verify the things that you have done and the person you are? To prove where you stem from and that you deserve refuge. -- a bit shady and not very clear to me. Sounded interesting though. Self-sovereign identity for those who have nothing.
    • 'Detecting keys misuse' – article
    • 'Rebranding web of trust' - protocols etc.

    Next year: follow-up event.

    June/July 2016: demo

    25th birthday of PGP