Recommendations for handling (multiple) user IDs - personal and company ones

[Hauke Laging]

Am Sa 08.06.2013, 16:16:18 schrieb Daniel Kahn Gillmor:

> People simply won't use tools that they aren't comfortable with.

This is much more about understanding the connections and seeing what's 
necessary to achieve a certain goal. And understanding which is the right goal 
in every single case. I remember the professor in my first computer science 
course: "Many people talk about reducing the complexity of a problem. That's 
nonsense. You cannot reduce the complexity of a problem, that is a fixed 
value. You just can work on the problem in small pieces."

I see people doing stupid things with crypto all the time. Why? Because they 
don't understand the connections. You cannot throw Enigmail and GPA at 
clueless people and pretend they were capable of using OpenPGP seriously now 
just because it *looks* simple to *them* now.

I tell the people who attend to my courses: "For get the Web of Trust. That is 
not for beginners. You neither need it now nor understand enough of the 
subject to use it well." But I tell them to have a look at my key policy 
template. So that they get an impression what is important about keys.


> This
> is a delicate tradeoff, but if you're willing to sacrifice everyone's
> comfort to build a system, that system simply won't get used.

You mean like GnuPG itself (including all GUIs)? What I want does not make 
OpenPGP more complicated (in the usual sense). The GUI would ask you a few 
simple questions. That requires time but not deep understanding. You don't 
even have to understand what an offline main key is in order to testify to the 
key owners claim of having one.

What do you think how many people who use OpenPGP today wouldn't use it if the 
WoT didn't exist? The WoT is a playground for statistics but for whom is it a 
killer feature? And who would use it for really serious purposes (high 
security demand)? I don't see any reason to consider the current WoT as a big 
success which would be exposed to danger by what I promote.


> The end
> result?  decades of cleartext e-mail, long after we had the tools to do
> better :(

The reason hardly anybody uses crypto is not that its usage was complicated (I 
know, I a minute Rob will post his usability study link and ask for my 
sources...). It isn't. Not the basic operations if you have a working 
configuration. And for the rest the users can ask for help.

The reason that most people do not use crypto is the most trivial one: They 
don't think they need it.

But if you think you need it and if you understand the connections would you 
really accept the low security level ot the WoT just for some comport? 
Probably not. You would not use the WoT for important issues.


> Including a certification level, given the state of modern OpenPGP
> implementations, is meaningless

You are aware that I strongly critizise the current state?


> and serves only to leak information
> about the social graph which otherwise wouldn't be leaked.

There is no relation between the precision of a key and UID verification and 
the social contact.


> as i've also argued publicly recently:
> 
>   https://debian-administration.org/users/dkg/weblog/98

I wouldn't agree that you argue there. I read a lot of opinion. I would prefer 
facts and connections which support an opinion.


> If you want to be able to do machine-level inference about user identity
> (so that a user's computer can tell them with confidence "This is Sally,
> you know this because Joe said so"), and you insist that policy URLs are
> critical then you probably also need machine-readable policies;

That is my long term aim. But until there is a widely used standard we will 
need human-readable text at least in parallel. It doesn't make sense to have 
to read something that can be made machine-readable. Noone is interested in 
reading 30 key policies after a key signing party.


> This sounds like a complicated mess,

The complicated mess is going to be hidden by the GUI.


> afaict no one is working on this.

I am (but how should you have known...):
http://www.openpgp-notations.org/

But there isn't much yet as I am busy with my courses project.


> it is another barrier to
> participating in the OpenPGP network of certifications.

It's not at all. Nobody would prevent a user from doing certifications like 
today. But my aim is to make most users take the WoT security not seriously 
any more.

My approach is a chance. To leave the low, hardly useful level of the current 
WoT behind. And there is another chance: If enough people use OpenPGP someday 
then you don't need a big amount of signatures any more. If you have 20 highly 
trustworthy signatures (from your family, long term friends and the like) that 
will be enough. And all the saved time which you use for another 100 
signatures today can be used for making the certifications better.


> Learning the basics of what it means to responsibly hold a secret key
> and make (or choose to not make) identity assertions with it is already
> too complex for most people.

It is not "too complex" in an absolute sense. We are not talking about rocket 
science. It is "too complex considering there is no demand to do it right". If 
more and more people use crypto then social pressure will arise. 15 years ago 
it wasn't a problem in Germany not to have an email address. Nobody would have 
considered you and idiot or otherwise strange person if you didn't have one. 
This has changed. And it will change similarly for crypto. In another 15 years 
it will not be possible not to use crypto without being laughed at.

But if I promote a system for the whole population then it must be good enough 
for that task. It must be capable of delivering (in practice!) security and 
transparency on a level similar to what the crypto laws demand.


> Adding layers of complexity to the system
> will simply make the user base smaller.

The OpenPGP userbase is ridiculously small. And BTW: The WoT knowledge even 
among people actively involved with OpenPGP is ridiculously low. You don't 
even find the relevant details in the documentation on gnupg.org. When I was 
writing about the WoT (which I had not used at that time) on my OpenPGP page I 
didn't find a single really good source about the subject. After acquiring the 
knowledge myself through intense testing I found a dozen errors on the 
probably best German OpenPGP resource. If I talk to people who organize key 
signing partys it turns out that none of them is familiar with the details. 
Thus I consider the WoT a joke meanwhile.


> This is particularly disastrous
> with systems that rely on the network effect for any sort of public
> usefulness.

There is obviously no public usefulness of OpenPGP as a whole given the 
irrelevant user base. So how can the WoT be a great feature if not even the 
base technology is?


We must teach the public about the need and benefits of crypto for them but 
also about the complexity. Either you need security or you don't but you will 
not get it for free. The aim is not to pull everyone on a high security level. 
My aim is to have a system which fulfills the needs of different types of 
users.


> > A comment may be a statement about the function of the key owner in an
> > organization and thus is an important part of the identity. This is
> > explicitly intended by signature law! Such a comment should be certified
> > by the organization's certification key only.
> 
> It sounds like you're saying that the presence of some comments in User
> IDs make it so that no one else is supposed to certify those User IDs,
> for some sort of legal reason ("signature law") which i don't know about
> or understand.

No, you misunderstood me. This is basically your argument: It doesn't make 
sense to certify certain statements because you cannot verify them. If the 
statement is "This person is the CEO of that company" then this is a plain 
fact (which is going to change over time though) but hard for most people to 
assess. Thus only the company (and maybe an authority where the CEOs must be 
registered) should certify such a statement. Everybody else should certify the 
name and email address only (which the current OpenPGP does not offer you 
unless there are separate UIDs).


> I'm wary of the term "secure" -- can you be more specific about what
> benefits we gain as a community from a comment in a User ID like "I have
> this primary key offline"?  Are there no other ways to gain those
> benefits without putting the comment in the User ID?

This information can be put elsewhere. But today that would make little sense 
as hardly anybody would notice. Who knows what a key policy is? Those who 
don't will certainly not look for it. But if someone reads "offline mainkey; 
see policy URL" in my UID comment then he may get curious about that, learn 
something about crypto and use it better in the end.

But I don't see any reason to avoid that in a UID. There is not just one 
identity "Hauke Laging" (even if noone else has that name). There are "Hauke 
Laging, private person", "Hauke Laging, employee", "Hauke Laging, founder of 
an OpenPGP teaching project" and these identities are quite separate from the 
perspectives of people who are in contact with me in those different areas. So 
why should such an additional information in a UID not help those who use the 
key? It may help them even if the certification becomes more difficult for 
others.


> If you think that policy URLs should be shown by default, you should
> make the case for that.

I mainly think that the default should be that everbody has one. If nearly 
noone has, why should they be shown?


> I suspect they're not currently shown by
> default because they are an additional source of confusion in an already
> too-confusing interface for most people.

The interface can get better. The problem is IMHO not the interface, not at 
all. The problem is that the people do not learn crypto like they learn other 
things. Most people do not have someone they can ask. If everyone learnt that 
at (e.g.) school then nobody would consider that complicated any more. At 
least not more complicated than using email, making web pages or office 
documents.


> Who do you want to be able to
> participate in the public network -- just a handful of experts steeped
> in the arcana?  or everyone capable of operating a computer at a
> reasonable level?

That's one of the really important questions. I thing I already mentioned it 
above: I want EVERYONE to use crypto (not all on the same level, though). But 
I am convinced that this is primarily about

a) convincing people that they need it
b) teach them well

I don't think that the "visible complexity of crypto" should be stripped down 
so that everyone believes he can use it after having seen a 10 minutes video 
and done a few clicks. We should go for a consensus about what crypto users 
should know / have understood. In parallel we should make the system better so 
that it suits the needs of more people. And most important: We have to teach 
others. One of my better recent ideas:

https://bugs.kde.org/show_bug.cgi?id=318005

I want software which supports crypto but is used without it, too, to point 
its users at crypto teaching resources.


> But the overwhelming majority of
> comments in User IDs on the public keyservers are exactly of the
> ridiculous types used as examples in that page.

I wasn't aware of that but that is not an argument against comments but an 
argument against stupid comments. This would not happen if most users did not 
create their keys by themselves but with professional help. You can do so much 
wrong when generating a key. You cannot demand from a new user to understand 
all that in advance. The more as key generation is rather useless knowledge 
for him. Thus: Get potential users into courses and we automatically get rid 
of most of the stupid UIDs.


> This suggests to me that this feature (the "comment" prompt when
> generating a new User ID) is causing more confusion and difficulty than
> it is providing benefit.

I agree with that. If I suggest changes Werner always says: "The GUIs should 
handle that." But is there a single good graphical key generation tool 
available? One that gives you all the information you need? One that is at 
least capable of creating offline mainkeys? I am not aware of one. The GUIs 
have to become a lot better. Fortunately I am in contact with a KDE developer 
who intends to work on the crypto part of KMail and KGpg. I am sure that even 
with little development effort big improvements are possible.


> You can make these statements in other forms than placing them in the
> User ID.   For example, you can put a signed message on your web site
> about your key maintenance habits, which other people could refer to
> when they want to learn from you.

That makes sense only if this document is signed by others, too (those who 
certify your key). And even if they did: The result would be invisible for 
most users today.


> again, it sounds like you're asking for something that would make an
> already-too-cumbersome process even more cumbersome.  I don't think
> that's to the advantage of the community as a whole.

Maybe not. But nobody would be forced to do it that way. Why should experts 
and newbies make the same kind of certification? Why limit the experts?


Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-courses.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130610/74dd4596/attachment-0001.sig>