Key signing without a fingerprint?
Huels, Ralf SCORE
Ralf.Huels@schufa.de
Wed Jan 30 13:47:01 2002
Hi,
yesterday I met with a guy who had forgotten to bring his key =
fingerprint
and we considered the following protocol:
- I gave him my fingerprint and we exchanged photo ID
- We agreed an a shared secret - a pass phrase
- He will send his fingerprint and the shared secret in one message,
encrypted to my key.
He gets all the information he needs through the physical printout=20
of my fingerprint and I can rely on the pass phrase in the encrypted=20
message, assuming that he will guard the shared secret closely.
He may optionally sign the message as well but as proof of his=20
identity lies solely in the shared secret, the signature would not=20
give me any additional information.
Would you consider this sufficient security for signing a key?
I suppose for the truly paranoid, this will not do, as the information
that I rely upon passes out of my control.
On the other hand, it is in his best interest not to risk being=20
impersonated and even a true face-to-face fingerprint exchange does
not give a signator security that the signee will handle his secrets=20
(secret key and pass phrase) well.
Are there any flaws in this protocol that we might have missed?
Tsch=FC=DF,
Ralf