16

When you sign a PGP/GPG key, what exactly are you saying to everyone who sees your signature? Are you validating the person, or the email address?

To explain what I mean, take the following two examples:

Validating the person: "I trust that the key 0x559E3EE8 belongs to Bob in accounting; he personally handed me a piece of paper with that public key over lunch. I don't know what Bob's email address is, but if he lists it as one of his UIDs in his key, I'm fairly sure it belongs to him."

Validating the email address (UID): "I trust that the key 0x559E3EE8 belongs to bob.stanford@examplecorp.com; I don't know who he is in real life, but we have sent encrypted emails back and forth, and I definitely know that he can decrypt and read the emails I send him, as he sometimes quotes things I wrote to him. I can also be very certain that there is no man in the middle between my computer and his mail server."

IQAndreas
    It's not really a *knowing* thing, it's more of a *trusting* thing. You're saying I'm putting my trust in this PGP Key because I trust that it belongs to Bob. When you sign Bob's PGP Key you're telling others, "I trust this PGP Key to belong to Bob." – RoraΖ Sep 17 '14 at 14:32
  • @raz That's a good point. I replaced statement _I know_ with _I trust_ in the examples. – IQAndreas Sep 17 '14 at 14:36
  • It's basically the former. Multiple email aliases can be added to a PGP key. Someone's public key is tied to an identity, and by signing it you're validating the identity of the person who has the key. – RoraΖ Sep 17 '14 at 14:39

3 Answers

12

OpenPGP does not define any rules for certifications

From RFC 4880, Signature Types:

[...] Please note that the vagueness of these meanings is not a flaw, but a feature of the system. Because OpenPGP places final authority for validity upon the receiver of a signature, it may be that one signer's casual act might be more rigorous than some other authority's positive act. [...]

Informal best practices

There is a kind of informal best practice, though. By posting a certification of undefined or casual trust level (sig or sig2, signature types 0x10 and 0x12) you declare that you are sure of the signee's identity. This might have happened by checking official documents, or by knowing somebody very well. Often, people send an encrypted mail containing the signature as an attachment to also verify ownership of the mail address.

Certifications of positive trust level (sig3, type 0x13) usually claim some advanced certainty of the signer in what he's doing. This might be because of long-time knowledge of the signee, or high confidence in well-known documents presented (for example, passports of your own country).

Certification policies

As there are no general, enforced rules for certifications, some people post certification policies, which they claim to follow. They often just represent the informal best practice, but can help justify your certification statements to others.

These often contain information on how you verify keys, what documents you require, how you handle variations in signees' names, and possibly more. Often, they're signed documents, and referenced from each certification issued using GnuPG's cert-policy-url option.

Jens Erat
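The signature classes and the policy URL mentioned in this answer are both readable from the certification packet itself. The following is an added example, not code from the answer or from GnuPG: it decodes the signature type (0x10 to 0x13) and the Policy URI subpacket (RFC 4880 subpacket type 26) from the body of a v4 OpenPGP signature packet. The packet it parses is constructed inline with dummy algorithm and hash fields, so it is not a real, verifiable signature.

```python
# RFC 4880 section 5.2.1 signature types that are certifications of a User ID.
CERT_TYPES = {0x10: "generic (sig)", 0x11: "persona (sig1)",
              0x12: "casual (sig2)", 0x13: "positive (sig3)"}

def parse_subpackets(buf):
    """Return (type, body) pairs from a subpacket area (RFC 4880 5.2.3.1)."""
    i, out = 0, []
    while i < len(buf):
        first = buf[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + buf[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
        sub_type = buf[i] & 0x7F             # high bit is the "critical" flag
        out.append((sub_type, bytes(buf[i + 1:i + length])))
        i += length                          # length includes the type octet
    return out

def describe_certification(packet):
    """Return (class label, policy URL or None) for a v4 signature packet body."""
    if packet[0] != 4:
        raise ValueError("only v4 signature packets are handled here")
    sig_type = packet[1]
    # Layout: version, type, pubkey alg, hash alg, hashed-area length (2), hashed area
    hashed_len = int.from_bytes(packet[4:6], "big")
    hashed = packet[6:6 + hashed_len]
    policy = None
    for sub_type, body in parse_subpackets(hashed):
        if sub_type == 26:                   # Policy URI subpacket
            policy = body.decode("utf-8")
    label = CERT_TYPES.get(sig_type, f"not a certification (0x{sig_type:02x})")
    return label, policy

def build_sample(sig_type, url):
    """Construct a dummy v4 signature packet body carrying a Policy URI subpacket."""
    url_b = url.encode("utf-8")
    hashed = bytes([len(url_b) + 1, 26]) + url_b    # length covers type octet + body
    # version 4, sig type, RSA (1), SHA-256 (8), hashed area, empty unhashed area,
    # then two placeholder hash octets; MPIs are omitted since they are not parsed.
    return (bytes([4, sig_type, 1, 8]) + len(hashed).to_bytes(2, "big")
            + hashed + b"\x00\x00" + b"\xab\xcd")

if __name__ == "__main__":
    print(describe_certification(build_sample(0x13, "https://example.com/policy.txt")))
```

To inspect a real certification, feed the body of a tag-2 packet from `gpg --export` (after stripping the packet header) to describe_certification; `gpg --list-packets` shows the same fields as "sigclass" and "policy".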
6

You're supposed to do both. You're given an option to sign only specific UIDs or all UIDs, and you should only sign the UIDs you can vouch for. For example, if you work at Example Inc and Bob has "bob@example.com" and "bob@president.gov", you should only sign his bob@example.com UID.

A PGP signature states the following:

  1. I am vouching that this key belongs to Bob
  2. I am vouching that this email ID listed on his certificate belongs to Bob

In reality, few people do #2, and most just sign all UIDs without checking.

mricon
  • I think it would be best if *by default* gnupg would sign each UID individually and send each signature to the email in the UID encrypted to said receiver email public key. The receiver would then push the signatures to keyserver if he or she can actually read the encrypted mail. As a result, your *identity* should be something that is *not* tied to any email address and that identity has one or more UIDs with email addresses. Unfortunately gnupg does not support such kind of usage pretty well. – Mikko Rantalainen Jul 05 '18 at 11:26
5

People participating in PGP should have a Certification Practice Statement (CPS), but this is not as common as it should be. E.g.,

These policies typically have a common denominator of meeting with the person, validating their government issued ID matches the name they're presenting themselves under and ensuring the person has control over the email address in question.

I like the formality of a CPS, especially when it comes to policies regarding signing keys of aliases or organizational keys.

The CPS will indicate when and why an authority will sign a key or certificate. http://en.wikipedia.org/wiki/Certification_Practice_Statement

To split hairs, you can sign anyone's key for any reason. If you publish the signature, you should have a CPS, and you should digitally sign the CPS. If anyone asks why you signed somebody's key, you can point them to it.

mgjk