

RE: [projectvrm] Personal web presence ("home page") checklist


  • From: "T.Rob" < >
  • To: "'Johannes Ernst'" < >, "'Dan Lyke'" < >, "'Don Marti'" < >
  • Cc: "'projectvrm'" < >
  • Subject: RE: [projectvrm] Personal web presence ("home page") checklist
  • Date: Wed, 26 Aug 2015 10:02:48 -0400
  • Organization: IoPT Consulting

> So there are several avenues of attack, only some of which can be mitigated with HTTPS. I choose to believe that I’m not a valuable target enough to attack my public key distribution, in particular because I still send the majority of my e-mail unencrypted :-)


> The more secure way of matching key to individual is to receive the key from the individual directly, e.g. in direct contact, or by (secure) introduction from a trusted third party.


Between those extremes is to seed your key in multiple web presences that you manage. Confidence in the key at your own web site increases when the same key is available through several unrelated web sites or services at which you have an established reputation. If you find the same key for me at t-rob.net, ioptconsulting.com, ask-an-aspie.net, @tdotrob on Twitter, LinkedIn, and attached to my emails you can be pretty confident that's my key.


It's one thing to choose to believe that you're not a valuable target enough to attack your public key distribution on one web site, quite another to believe it's not worth hacking you across a dozen sites.


Kind regards,

-- T.Rob
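An added example of the cross-checking T.Rob describes above (my code, not from anyone on the thread): derive the OpenPGP v4 fingerprint of the key copy obtained from each presence (SHA-1 over 0x99, the two-byte length and the public-key packet body, per RFC 4880) and require every copy to agree. The key material, timestamp and source names are constructed, and the code assumes the raw public-key packet body has already been extracted from each source's armored key.

```python
import hashlib
import struct
from collections import Counter


def build_v4_rsa_pubkey_body(n: int, e: int, created: int) -> bytes:
    """v4 RSA public-key packet body (RFC 4880 s5.5.2): version byte,
    4-byte creation time, algorithm id 1 (RSA), then MPIs n and e."""
    def mpi(x: int) -> bytes:
        # MPI = 2-byte bit length followed by the big-endian magnitude.
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def fingerprint_v4(body: bytes) -> str:
    """v4 fingerprint (RFC 4880 s12.2): SHA-1 over 0x99, two-byte body
    length and the body, rendered as 40 upper-case hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def cross_check(sources: dict, quorum: int = 3) -> dict:
    """Fingerprint the copy from every source and demand full agreement.
    At least `quorum` sources must agree, and any dissenting copy fails the
    check outright: one presence serving a different key is a signal to
    investigate, not something to outvote. The extra sources only add
    confidence when they are under unrelated control (different hosts,
    providers, logins), which this code cannot verify for you."""
    fps = {name: fingerprint_v4(body) for name, body in sources.items()}
    fp, agreeing = Counter(fps.values()).most_common(1)[0]
    dissenting = sorted(name for name, f in fps.items() if f != fp)
    return {"fingerprint": fp, "agreeing": agreeing, "dissenting": dissenting,
            "trusted": agreeing >= quorum and not dissenting}


# Constructed key material: an arbitrary odd number stands in for the RSA
# modulus. This is not a real key and has no real owner.
CREATED = 1440000000  # constructed creation timestamp
DUMMY_N = int("C0FFEE" * 16 + "1", 16)
GENUINE_BODY = build_v4_rsa_pubkey_body(DUMMY_N, 65537, CREATED)
# The same key with one modulus bit flipped: what a substituted key looks like.
SUBSTITUTED_BODY = build_v4_rsa_pubkey_body(DUMMY_N ^ 2, 65537, CREATED)

# Constructed copies "retrieved" from the presences named in the thread.
CONSISTENT_SOURCES = {
    "t-rob.net": GENUINE_BODY, "ioptconsulting.com": GENUINE_BODY,
    "ask-an-aspie.net": GENUINE_BODY, "email attachment": GENUINE_BODY,
}
# Same set, except the copy from one site no longer matches the others.
TAMPERED_SOURCES = {**CONSISTENT_SOURCES, "t-rob.net": SUBSTITUTED_BODY}

if __name__ == "__main__":
    print(cross_check(CONSISTENT_SOURCES))
    print(cross_check(TAMPERED_SOURCES))
```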


From: Johannes Ernst [mailto: ]
Sent: Wednesday, August 26, 2015 0:28 AM
To: Dan Lyke; Don Marti
Cc: projectvrm
Subject: Re: [projectvrm] Personal web presence ("home page") checklist


On Aug 25, 2015, at 13:27, Dan Lyke < > wrote:


On Tue, Aug 25, 2015 at 1:15 PM, Don Marti < > wrote:

* Link to keybase.io account (connect social accounts
  claiming to be you to your real public key)


keybase.io is centralization. First choice is just publishing your PGP
key on the site, although to be useful this must be served over HTTPS
or be verified in some other way.


I’m not sure that https does very much here. For the public key to be trustworthy, I need to know that

1. the key I receive is indeed the key that is served by upon2020.com (my site — I publish my pgp key there via http, so it’s a good example)

2. the key served by upon2020.com is the key the owner of the site intended to serve

3. the site is under the effective control of one Johannes Ernst

4. the Johannes Ernst that owns that site is indeed the Johannes Ernst I want to communicate with


So there are several avenues of attack, only some of which can be mitigated with HTTPS. I choose to believe that I’m not a valuable target enough to attack my public key distribution, in particular because I still send the majority of my e-mail unencrypted :-)


The more secure way of matching key to individual is to receive the key from the individual directly, e.g. in direct contact, or by (secure) introduction from a trusted third party.


(And I'm hoping that something like https://github.com/zrm/snow
catches on so that our links and identity start to have public key
verification built in at the identifier level...)


* (coming soon) Let's Encrypt or other SSL support


Given the amount of MitM attacks we're seeing these days, I think this
is a necessity if you're publishing keys. I don't know that we've seen
any exploits yet, and I still lack ssl on the sites I host, but...


* microformats for any public contact info (?)


vcard seems like a no-brainer, although marking up the page with MF2
syntax also seems like a no-brainer.


Back to Don’s original question: it should also have the tools by which the site owner would like to interact with others. Today, unfortunately, that largely is limited to blogging, plus some ways for others to talk back (commenting, pingbacks etc.) Innovation required here.


Cheers,

Johannes.
