Public Keys and the Web Page.

[Ross Anderson]

Charles Lindsey, on the Global Trust Register Page:

> The first difficulty is that the book does not distinguish between X.509
> and PGP keys - it just gives the fingerprints and leaves you to work out
> which they are by trying them out :-( .

It does indeed distinguish PGP, X.509 and Solo keys. PGP keys are
presented with their length and X.509 keys with their expiry date.
Also, they are in different chapters, except for chapter 8 where there
are sub-headings. There is also a long discussion of the peculiarities
and disadvantages of the various formats in the introduction.

> The one I was interested in was Thawte's Personal Freemail CA key. I
> deduce that the fingerprint given is for an X.509 certificate. But there
> also exists a PGP key of the same name (and presumably based on the same
> modulus and exponent), but of course that has a different fingerprint
> (to wit 59 48 2B 3D 22 E1 DC 67 AB 4B CE 5C 7F AD 91 05).

You would be mad to use the same modulus and exponent in both an X.509
system and a PGP system. You gain nothing yet you magnify the risk of
compromise. Do you really want your PGP key broken because rootshell
publishes a stack-smashing exploit script that gets your X.509 key out
of your browser? If the NSA writes a Tempest virus that steals PGP
keys, do you want to give them your X.509 key too for no extra effort?

In any case the certificate formats are incompatible because different
things are hashed to give the fingerprint.

> To make matters worse, even Thawte do not give the PGP version on their
> own Web Site!

Then maybe the PGP key associated with Thawte is bogus. I don't know;
I am just surprised that they went to all the trouble to get their
X.509 keys in the Register but never mentioned a PGP key. Anybody on
earth can drink a couple of beers, generate a PGP key with any old
name, put it on the servers, and it stays there forever. (The
consequences for a service denial attack shouldn't be forgotten.)

Ross