Now that Krishnan Nair Srijith‘s OpenPGPComment plugin lets you accept PGP signed comments, and displays them in raw form for anyone who wants to verify the signature, and a future version will let you verify PGP comments server-side, rather than requiring that interested readers verify them for themselves, the time may come when we have to think about what it actually means to have PGP signed comments, and what various verifications really mean. (Of course, since it’s shiny and new, I already dragged it back to my nest, and you’re welcome to sign your comments here. I’m just not quite sure what it really means, and what’s best to do, just yet.)
In the non-weblog-comment world, PGP signing works something like this:
PGP can do a couple of things for you: it can let you verify that something (usually email) came from the person it appears to have come from, and wasn’t altered at all along the way, and it can let you encrypt the something so that nobody but the recipient can read it. Ignoring encryption (something PGP advocates wish you wouldn’t do, since they want you to encrypt every single email so that the really secret ones don’t stand out), verification has two parts: who was it, and was it altered?
When you start using PGP, you generate two keys (think of them as magic decoder rings, only not from a cereal box), one private one that you keep, and have to type a passphrase (like a password, only longer and harder to type and remember) to use, and one public one that you give out to anyone who might need to verify something you signed. In fact, you’ll probably upload it to the public keyservers, so that anyone looking for your key can find it with your name or email address.
With the public key that goes with the private key that signed a message, anyone can verify that it wasn’t altered between the time it was signed and the time it was received. However, that doesn’t tell you anything about who signed it, only that nothing happened to it afterward. Anyone can upload a key to the keyservers with any name and email they like. pgp.mit.edu lists two keys for Dave Winer, one with a scripting.com email address that I think I remember Dave used to use, and another with a well.com address that may or may not be his – I don’t have any way of knowing, either way. Either or both keys could be his, or they could be his enemies keys, planted there to wait for someone to misunderstand.
In the normal way of things, if I got a signed email from Dave that I needed to verify, I could do several things. I could see if he has posted his public key somewhere on his website (though that’s only as secure as a web server, a thought that makes real crypto fans choke). I could call him on the phone, and ask him to read off the “fingerprint” for his key (a string of hexadecimal digits that identify a particular key-pair), though since I don’t know his voice, I could get a malicious passer-by who happened to know the fingerprint for his own key off the top of his head, and could thus persuade me that Dave wasn’t Dave, but the passer-by was, or I could do the right thing, meet Dave in person, look at two forms of picture ID to verify that I really was talking to him, and then accept his word that the fingerprint he tells me is for his key is his.
That’s fine for people that you actually do meet in person, but having to go visit every person who ever sends you signed mail, while sometimes fun, would be a bit expensive. That’s where what’s known as the “web of trust” comes in. Rather than having to go to Boston to check Dave’s key in person, suppose I run into someone who gets around: Joi Ito would do nicely. We exchange stacks of photo IDs, put on our tinfoil hats, and verify that we have the correct public keys for each other. But then, we use our own keys to sign each other’s keys, and upload them to the keyservers. Now anyone who downloads our keys can determine that we have verified each other. I don’t even need to know about Joi going on to Boston and signing Dave’s key, because when I first download Dave’s key, I’ll see that Joi, who I already checked out, has checked out Dave and found him to be real.
That’s fine as far as it goes, which is pretty much email among relatively small groups of people who meet in person. What about weblog comments?
We have a rather different problem to solve. For the traditional web of trust, the goal is to ensure that a key is owned by a flesh and blood person whose name is the name associated with the key. There may or may not be some casual verification of the associated email address, but mainly it’s about being sure that the name is right. For us, the name is a convenience. It may be a person’s actual name, it may be a pseudonym, it may be a nickname that’s better known than the person’s actual name, but in any case it’s just a convenient tag, to remember that StavrosTheWonderChicken is who writes emptybottle.com, or Dave Winer is who writes scripting.com. Whether you know him as Aquarion or by his real name, what matters in this context is that you know he writes at aquarionics.com.
For a signed comment, although verifying that it hasn’t been altered since it was signed is the same, how and what we want to verify about the signer’s identity is rather different. If I see a signed comment from someone named Mark Pilgrim, I don’t really have any interest in whether or not someone else has verified that the person who signed it is (one of possibly many people) actually named Mark Pilgrim. What I want to know is whether or not it was Mark Pilgrim of diveintomark.org. It doesn’t matter in the least to me whether or not a dozen people whose driver’s licenses I’ve seen have seen that the person who signed that comment has a driver’s license that says his name is Mark Pilgrim. All I want to know is whether or not he’s the person who controls diveintomark.org.
For us, it doesn’t matter who you are: what matters is where you write, and where you link. In this realm, it doesn’t matter that my driver’s license says my name is Phil Ringnalda. What matters is that I control philringnalda.com, and I can link from there to philringnalda.com/public_key.txt. If you verify a comment with a key you get from a keyserver that says it belongs to someone named Phil Ringnalda, you don’t know a thing you didn’t know before, but if you verify it with a key that you find on my server, linked from my main page, then unless I’ve gotten sloppy and let someone own me, you know it’s from me. It doesn’t matter how many people who know far more about PGP and crypto than me say “just use the keyservers, that’s what they are there for” – that’s solving a different problem entirely.