automating GPG/OTR lookups, was Re: [OTR-users] generating keys

Paul Wouters paul at cypherpunks.ca
Fri Nov 11 01:01:42 EST 2005


On Thu, 10 Nov 2005, Ian Goldberg wrote:

> No, there's no problem, even if the CIA hacks it, since it's GPG-signed.
> What you're doing here is leveraging existing trust (GPG) to
> authenticate your new (OTR) keys.  I agree that it's approximately
> pointless to put unsigned copies of your OTR keys on your webpage.
> But if you've got GPG, and you put up a signed copy, you'll never have
> to do the voice verification with your friends again (assuming they
> already trust your GPG key).

We need a plugin, I agree.

The problem is that I'd like to be able to do the following:

- Automate key verification (requires some standard, e.g. GPG signing in some
  recognisable format)
- Preferably not store all (signed) keys in one place (but we could, since it is
  signed). Distribution is good.

We could think of some 'standard way' of adding an "otr" identity to our
existing GPG keys. I currently have multiple IDs with my key. They are currently
all linking email identities. But it could also link an OTR identity.

The information we need to put in such an additional PGP/GPG identity is:
1) Protocol / server (AIM, MSN, jabber at jabber.org, jabber at jabber.xs4all.nl)
2) IM name(s) (multiple in case of jabber? Or allow PaulWouters/* ?)
3) OTR fingerprint,
[4) OTR version?].

Then we just need a plugin that queries GPG/PGP servers. I am not sure if
we can do wildcard searches effectively on those servers, or whether we need
to use OTR to communicate inline the GPG keyid that supposedly signed our
OTR fingerprint, e.g. do a leap of faith and verify.

One thing that comes to mind is that it creates cruft in the keyservers, but AFAIK
those are being cleaned up in a way that 'any old data not resigned will be
deleted', so that things like lost private keys will not clutter up the key
servers.

You would likely want to use reasonably short-lived keys for this reason.
You can't keep adding identities to your real key; it would become a mess.
So I think what we need is to create a subkey (or a new GPG key especially for
OTR) that is just signed by your real GPG/PGP key. It can expire quickly,
you can make a new one, and you can even revoke it if your OTR private key is stolen.

Is this scheme vulnerable to an attack? Are there potential key rollover
issues? Will the GPG keyserver people hunt us down for doing this?

Paul
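An added example, not code from this thread or from the OTR project, that models the scheme sketched in the message: items 1-4 (protocol/server, IM name or wildcard, OTR fingerprint, OTR version) are encoded in one GPG user ID on a short-lived OTR-only key, that key is certified by the owner's real GPG key, and the plugin accepts the OTR fingerprint only if a certification by a key the user already trusts checks out. Everything here is an assumption rather than a standard: the `otr proto=... server=... account=... fpr=... ver=...` user-ID layout is made up for this example, the colon-separated listing is constructed to look like `gpg --with-colons --check-sigs` output (field positions follow gpg's DETAILS document), and all key IDs and fingerprints are fabricated. The example does not talk to keyservers; in a real plugin gpg would fetch the key and produce the listing.

```python
import fnmatch
from dataclasses import dataclass, field

CERT_CLASSES = {"10", "11", "12", "13"}   # OpenPGP certification types 0x10..0x13 as gpg prints them


@dataclass(frozen=True)
class OtrIdentity:
    """Items 1-4 of the message in one GPG user ID (assumed layout, not a standard):
    otr proto=<protocol> server=<server> account=<name or glob> fpr=<40 hex> ver=<version>"""
    protocol: str
    server: str
    account: str       # exact IM name or a glob such as "PaulWouters/*"
    fingerprint: str   # 40 upper-case hex digits, no spaces
    version: str

    @classmethod
    def parse(cls, uid):
        """Return the identity encoded in a user ID, or None if it is not an OTR user ID."""
        tokens = uid.split()
        if not tokens or tokens[0] != "otr":
            return None
        kv = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        try:
            fpr = kv["fpr"].upper()
            ident = cls(kv["proto"], kv["server"], kv["account"], fpr, kv["ver"])
        except KeyError:
            return None
        if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
            return None
        return ident

    def matches(self, protocol, server, account):
        return (self.protocol == protocol and self.server == server
                and fnmatch.fnmatchcase(account, self.account))


@dataclass
class UidRecord:
    uid: str
    usable: bool                                   # gpg did not flag it revoked ('r') or expired ('e')
    certifiers: set = field(default_factory=set)   # key IDs with a good ('!') certification
    revokers: set = field(default_factory=set)     # key IDs that revoked their certification


def parse_check_sigs(listing):
    """Return (key expiry, [UidRecord]) from `gpg --with-colons --check-sigs` output.
    Field positions per gpg's doc/DETAILS (0-based here): record type [0], validity [1],
    key ID [4], expiry [6], user ID [9], signature class [10]."""
    expiry, uids, current = 0, [], None
    for line in listing.splitlines():
        f = line.split(":")
        kind = f[0]
        if kind == "pub":
            expiry = int(f[6]) if f[6] else 0
        elif kind == "uid":
            current = UidRecord(uid=f[9], usable=f[1] not in ("r", "e"))
            uids.append(current)
        elif kind in ("sub", "uat"):
            current = None   # following signatures belong to a subkey or photo, not a user ID
        elif kind == "sig" and current and len(f) > 10 and f[1] == "!" and f[10][:2] in CERT_CLASSES:
            current.certifiers.add(f[4])
        elif kind == "rev" and current and f[1] == "!":
            current.revokers.add(f[4])
    return expiry, uids


def vouched_by(listing, trusted_keyids, protocol, server, account, fingerprint, now):
    """The plugin's decision: return the trusted GPG key ID whose good certification vouches
    for `fingerprint` on this account, or None (fall back to voice verification)."""
    want = fingerprint.replace(" ", "").upper()    # OTR displays fingerprints in groups of 8
    expiry, uids = parse_check_sigs(listing)
    if expiry and now >= expiry:
        return None                                 # the short-lived OTR key has lapsed
    for rec in uids:
        ident = OtrIdentity.parse(rec.uid) if rec.usable else None
        if ident is None or ident.fingerprint != want or not ident.matches(protocol, server, account):
            continue
        vouchers = (rec.certifiers - rec.revokers) & set(trusted_keyids)
        if vouchers:
            return min(vouchers)
    return None


# Constructed listing (not real keyserver data) for a hypothetical OTR-only key 0A1B2C3D4E5F6071
# expiring 2006-05-12: the jabber user ID is certified by the owner's long-term key
# DEADBEEFCAFEF00D, the AIM one is revoked, the MSN one carries only a self-signature.
SAMPLE_LISTING = """\
pub:u:2048:1:0A1B2C3D4E5F6071:1131667200:1147392000::u:::scESC::::::23::0:
uid:u::::1131667200::0000000000000000000000000000000000000001::otr proto=jabber server=jabber.org account=PaulWouters/* fpr=2222333344445555666677778888999900001111 ver=2::::::::::0:
sig:!::1:0A1B2C3D4E5F6071:1131667200::::otr proto=jabber server=jabber.org account=PaulWouters/* fpr=2222333344445555666677778888999900001111 ver=2:13x:::::8:
sig:!::1:DEADBEEFCAFEF00D:1131667200::::Paul Wouters <paul@cypherpunks.ca>:10x:::::8:
uid:r::::1131667200::0000000000000000000000000000000000000002::otr proto=aim server=aim account=paulw fpr=9999888877776666555544443333222211110000 ver=2::::::::::0:
sig:!::1:DEADBEEFCAFEF00D:1131667200::::Paul Wouters <paul@cypherpunks.ca>:10x:::::8:
uid:u::::1131667200::0000000000000000000000000000000000000003::otr proto=msn server=messenger.hotmail.com account=paul fpr=ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD ver=2::::::::::0:
sig:!::1:0A1B2C3D4E5F6071:1131667200::::otr proto=jabber server=jabber.org account=PaulWouters/* fpr=2222333344445555666677778888999900001111 ver=2:13x:::::8:
"""
```

The policy encoded in `vouched_by` is the one the quoted reply describes: an OTR fingerprint becomes "verified" only through a certification by a GPG key the user already trusts. The OTR key's own self-signature proves nothing on its own (that is the leap-of-faith case), a revoked user ID or an expired OTR key drops back to voice verification, and the `PaulWouters/*` glob lets one user ID cover the several jabber resources the message asks about. The layout deliberately avoids ':' because gpg escapes colons inside user IDs as `\x3a` in colon-separated output, which would complicate parsing.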
