
637 points h1x | 5 comments
upofadown No.29209152
>Here's why I like SSH signatures:

>* It's not PGP.

The most important reason people use the OpenPGP message format is because it is a well-accepted standard. Sure, the cryptography is not new and fun, but it is secure. If you sign something with OpenPGP then you can be sure that those signatures are verifiable on any platform by anyone. The OpenPGP standard has provisions to ensure that the signatures are from a particular entity. This proposal suggests that GitHub could be treated as a trusted third party. If that is the case then you don't need signatures at all.

Obligatory "The PGP Problem" rebuttal:

* https://articles.59.ca/doku.php?id=pgpfan:tpp

replies(2): >>29210190 #>>29214489 #
1. geofft No.29210190
> The OpenPGP standard has provisions to ensure that the signatures are from a particular entity.

No, it does not - it has provisions to ensure that the signatures are from a particular private key. Mapping that to a human-meaningful entity is beyond the scope of the OpenPGP specification.

The article you link does not really address that point, and it doesn't at all substantiate the claim that using GitHub as a trusted third party means you "don't need signatures at all".

(Also, the original post says that other means like key transparency can be used instead of trusting GitHub.)

replies(2): >>29210335 #>>29214555 #
2. shp0ngle No.29210335
Well, if you trust GitHub enough for the keys, you can just download and distribute the arbitrary data through GitHub itself. I guess that is what he was referring to.
3. zucker42 No.29214555
Isn't the web of trust part of PGP? That maps private keys to human-meaningful entities. Or is that not part of OpenPGP?
replies(2): >>29214842 #>>29214903 #
4. int_19h No.29214842
The argument is that the whole "web of trust" thing never really took off, so you can't rely on it in practice.
5. geofft No.29214903
It's one way to use PGP, and it's not the only way. Almost certainly the most common use of PGP by number of operations per day is verifying RPM and apt signatures, which relies on trusting specific keys delivered through out-of-band means (in practice, mostly previously delivered via HTTPS).

In turn, the subject information in these keys does not matter - either the signing key is trusted, or it's not. There's an ongoing philosophical debate among users of the web of trust about what the subject (name and email) means. Should you sign a key if you see a passport? Are you attesting to legal names? If someone works via a pseudonym, how (if at all) should you sign their key? How do you validate the passport? Maybe you should only sign keys for people you actually know, and attest to knowing their identity in a human sense and not to them having legal documents? What about the email field - do you need to verify that they possess the email? How?

The OpenPGP spec includes just enough functionality to encode trust into local keys (and specifies that it should not be exported), but it does not say anything about a web of trust: https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3....