it to the clipboard (Ctrl+C under Windows). Then choose Edit → Import keys
from Clipboard to import this public key into your keyring.
You can search and add public keys to your keyring at any time. Enigmail will
also offer to do so automatically when you receive a signed message from
someone and you do not have his public key; we'll see this in Section 8.2.3.
If you followed all instructions up to here, by now your keyring should contain
your own key pair and a number of public keys belonging to other people.
7.7. Validity of public keys
Importing a public key from a keyserver is quick and easy, but it does not
guarantee that the key really belongs to the person named in the user ID.
After all, anybody could have uploaded that key.
Furthermore, if you received someone's public key via email, you should reflect
on the fact that there is an inherent security problem in using the same channel
(e-mail) both for key distribution and for the exchange of messages secured by
that key. Theoretically, an attacker who is able to compromise the channel can
replace the public key in transit with a rogue public key from a key pair he created
himself (man-in-the-middle attack). The attacker can then intercept any
message that was encrypted with the rogue public key and decrypt it, since he
owns the companion private key.
A solution to this problem is to check the public key's fingerprint with the key
owner through a different channel. You may phone the key owner and have him
read the key fingerprint to you. If the fingerprint does not match, you both know
that the key was replaced in transit.
This procedure is safe but cumbersome whenever, as is almost always the
case, you do not personally know the key owner, or when you have many keys in
your public keyring. PGP therefore first addressed this problem by
developing a trust delegation model called the Web of Trust.
7.7.1. The Web of Trust
In the Web of Trust model, responsibility for key validation is delegated to other
people you trust. That trust is expressed by signing other people's public keys.
For instance, Alice would use her key 0xAAAAAAAA to sign Bob's public key
0xBBBBBBBB to certify that this particular public key belongs to the individual
called Bob. Bob, in turn, has signed Carol's public key 0xCCCCCCCC. From this, Alice
can infer that Carol's public key is valid (i.e. public key 0xCCCCCCCC belongs
to the individual called Carol) because there is a path of valid signatures from
her own public key to Carol's.
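The path inference just described, as an added example (not from the Enigmail handbook and not Enigmail's or GnuPG's own code): it builds a small constructed keyring from the Alice/Bob/Carol example, finds the chain of signatures from Alice's key to Carol's, and, going one step beyond the text, computes validity the way GnuPG's trust model does, requiring every signer along the chain to be both valid and marked as trusted to certify others (ownertrust). The ownertrust rule is simplified here: a single fully trusted signer is assumed to suffice.

```python
from collections import deque

# Constructed sample keyring, modelled on the Alice/Bob/Carol example:
# key id -> user ID and the set of key ids whose signatures the key carries.
KEYRING = {
    "0xAAAAAAAA": {"user": "Alice", "signed_by": set()},
    "0xBBBBBBBB": {"user": "Bob",   "signed_by": {"0xAAAAAAAA"}},
    "0xCCCCCCCC": {"user": "Carol", "signed_by": {"0xBBBBBBBB"}},
    # Dave's key is only signed by a key nobody in Alice's web has certified.
    "0xDDDDDDDD": {"user": "Dave",  "signed_by": {"0xEEEEEEEE"}},
    "0xEEEEEEEE": {"user": "Eve",   "signed_by": set()},
}

def certification_path(keyring, own_key, target):
    """Breadth-first search along signatures, starting from own_key and
    following 'signer -> key it signed' edges. Returns the shortest chain of
    key ids from own_key to target, or None if no chain of signatures exists."""
    signed_keys = {kid: set() for kid in keyring}
    for kid, entry in keyring.items():
        for signer in entry["signed_by"]:
            signed_keys.setdefault(signer, set()).add(kid)
    queue = deque([[own_key]])
    seen = {own_key}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(signed_keys.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def valid_keys(keyring, own_keys, trusted_signers):
    """Key ids considered valid from the viewpoint of the owner of own_keys.
    Simplified GnuPG-style rule (assumption: one fully trusted signer is
    enough): a key is valid if it is our own, or carries a signature from a key
    that is itself valid AND whose owner we trust to certify others (ownertrust).
    A signature chain alone is not enough; each intermediate signer must be
    trusted as an introducer."""
    valid = set(own_keys)
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for kid, entry in keyring.items():
            if kid not in valid and any(
                s in valid and s in trusted_signers for s in entry["signed_by"]
            ):
                valid.add(kid)
                changed = True
    return valid
```

With ownertrust granted only to Alice's own key, Bob's key is valid but Carol's is not, even though a signature path to it exists; Carol becomes valid once Alice also marks Bob as a trusted introducer.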
The View → Signatures menu item in Key Management, or the View Signatures
button in Key Properties, allows you to view the signatures attached to a key, i.e.
by whom this key has been signed.
Participation to the Web of Trust is completely voluntary: you do not need to