[CQ-Contest] LotW and trust models

Lyndon Nerenberg lyndon at orthanc.ca
Tue Sep 30 18:39:22 EDT 2003


It's obvious from most of the comments here that people don't understand 
trust models and how they relate to security systems. What follows is a 
slightly annotated excerpt from an off-list reply I made that might shed 
some light on why things are the way they are. Note that the off-list 
reply was PGP signed. This message is not, because the mailing list 
software that manages the list rejects messages that use the new 
application/pgp-signature MIME type.

--- Forwarded extract follows ---

The trust model needed to ensure the integrity of the credentials 
requires that you trust all intermediaries to a minimum level that is 
appropriate to the service you are authenticating. This includes, e.g., the transport 
mechanism used to deliver the request. In this context, the post office 
is rated sufficiently trustworthy, while unsigned (in the cryptographic 
sense) email is not.

This is a hard problem to solve. In my previous job I helped design a 
system for the electronic delivery and payment of bills via electronic 
mail. The hardest part of the design was being able to make the 
guarantee, to a level acceptable by the courts, that the entity sending 
the bill was who they claimed to be, and that the recipient was who they 
claimed to be. The latter was equally as important as the former, being 
necessary to allow the billing intermediary to prove to the court that 
the recipient did in fact receive the bill. The solution was not a 
technical one, but instead required us to provide policy mechanisms that 
would allow all parties in the transaction to prove to each other, 
through means other than the billing/payment system itself, that they 
were who they claimed to be. This out-of-band initial identification 
isn't there to make life difficult for everyone: it is required by the 
mathematics of public key signature systems.

An example ... this message is PGP signed. What does that tell you? It 
tells you that someone with access to the private key of the PGP 
certificate that signed this message, signed this message. It in no way 
confirms that the person who signed the message is in fact the person 
named in the From header of the message. For you to truly believe that 
the message was signed by me, you need to confirm that the PGP 
certificate used to sign this message does belong to me in fact. You 
can't do that by email, because you don't know who is really sending (and 
signing) these email messages. You have to verify my PGP certificate by 
some other means. If you were confident that you could recognize my voice 
over the telephone, and had first-hand knowledge of my telephone number, 
you could call me up and ask for my PGP fingerprint. After I gave that to 
you, you would compare it with the fingerprint of the certificate that 
signed this message. If they matched, then, and ONLY then, could you 
state with certainty that it was in fact me who sent the message. 
(Technically, it asserts that the signer held the certificate's private 
key. Presumably I'm not going to hand that out, since that would let the 
holder forge my identity.)

What the ARRL is doing is no different. They're just doing the 
out-of-band identity verification using a set of tools that are easily 
available to them (and to the end-users of the system).

--- End of forwarded extract ---

--lyndon
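
The fingerprint check described in the forwarded extract, as an added example that is not part of the original message: two keys can each produce a valid signature under the same From name, and only the fingerprint learned by telephone tells them apart. It assumes version 4 OpenPGP keys (fingerprint per RFC 4880, section 12.2); the function names are hypothetical and the key material is constructed placeholder numbers, not real keys.

```python
import hashlib

def mpi(x: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian value."""
    return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (public-key algorithm id 1)."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, the 2-byte body length, then the body."""
    data = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(data).hexdigest().upper()

def normalize(spoken: str) -> str:
    """Canonicalise a fingerprint as read aloud or printed; refuse anything shorter."""
    fp = "".join(spoken.split()).replace(":", "").upper()
    if len(fp) != 40 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    return fp

def key_belongs_to_contact(signing_key_body: bytes, out_of_band_fp: str) -> bool:
    """True only if the key that made the signature has the fingerprint that
    was obtained through the separate, already trusted channel."""
    return v4_fingerprint(signing_key_body) == normalize(out_of_band_fp)

# Constructed sample data: two keys that would both carry the same name in
# their user ID. The integers are placeholders, not usable RSA moduli.
GENUINE = rsa_key_body(1064961562, (1 << 2047) + 0x2B5, 65537)
IMPOSTOR = rsa_key_body(1064961562, (1 << 2047) + 0x3D1, 65537)

# What the key owner reads out over the telephone, in the usual 4-digit groups.
_fp = v4_fingerprint(GENUINE)
PHONE_FP = " ".join(_fp[i:i + 4] for i in range(0, 40, 4))

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, v4_fingerprint(body), key_belongs_to_contact(body, PHONE_FP))
```
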

