
Addendum Revision to Support Public Key Verification




Following are some proposed changes to the Addendum to address the need 
to verify public keys. These changes are relative to the Addendum version
on the listserver for March 26th.  

There are other ways to meet the need to verify public keys that might 
be less labor intensive. This approach assumes that business partners 
will contact each other to compare fingerprints.






In the Service Providers section, Step 3, on page 3, add the following as a
third bullet:

Examining fingerprints for public and private keys.





In the SBS Vendors section, insert the following as a new step between 
steps 4 and 5 on page 4:

Create processes to support the examination of fingerprints for public and
private keys.





In the Schools section, insert the following as a new step between steps 3
and 4 on page 5:

Verify public keys with any new service providers by means of comparing
fingerprints.






In the Conceptual Overview: Encryption and Digital Signatures section
replace the bullets on page 10 with the following:

Prior to sending the message, the sender obtains a copy of the receiver's
public key; this key is added to the sender's "key ring" of public keys.   

Once added to the sender's "key ring" of public keys, the sender verifies
the new public key by contacting the receiver and comparing the 
receiver's fingerprint for the key with the fingerprint available to the
sender.  If the fingerprints are identical, the sender signs the new public
key, certifying that it is truly the key of the receiver.

In CommonLine, each participant will have a key ring containing the public
keys of all of its business partners.

The sender encrypts the message using the recipient's certified public key
and sends the message to the receiver.

The receiver decrypts the message using their secure private key.







In the PGP, Licensing, and Encryption Algorithm section, add the following
as the 4th bullet on page 11:

Enables the user to verify the fingerprint of public and private keys and
to sign public keys once the fingerprints have been compared with the 
senders of the public keys.






In the Setup: Initial Distribution of Keys section, add the following as a
new step after step 5 on page 12:

The business partner should contact the sender of the key and verify the
new public key by comparing the business partner's fingerprint for the 
key with the fingerprint on hand for the business partner's key.  If the 
fingerprints are identical, the sender should sign the new public key,
certifying that it is truly the key of the business partner.




In the Testing Protocols section, add the following as a new step between
steps 3 and 4 on page 13:

Testing partners should verify new public keys by comparing the
fingerprints each has for the others' public keys and signing the 
keys, certifying the keys to belong to their testing partners.






In the Updating Keys section, insert the following as a new step between
steps 6 and 7 on page 15:

The business partner should verify the new key by comparing the key's
fingerprints with your fingerprint for the key and signing the key
certifying that it is truly yours.





In the Glossary section add the following entries:

Fingerprint   A unique series of characters generated when a key is
created. By comparing the fingerprint on your copy of someone's public 
key to the fingerprint on their original key, you can be absolutely sure 
that you do in fact have a valid copy of their key.   




Doug McCaleb
Wellesley Systems, Inc.
for Nellie Mae, Inc.

doug@wellsys.com
doug_mccaleb@nelliemae.org
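
The fingerprint comparison described in the message, as an added example that is not part of the original message or the Addendum. It assumes OpenPGP version 4 RSA keys as defined in RFC 4880 (the message does not say which key format CommonLine partners use); the key values and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte body length, and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalize(reported: str) -> str:
    """Accept spacing and case variations, but only a full 160-bit fingerprint."""
    cleaned = "".join(c for c in reported if c not in " :-\t").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("expected a full 40-hex-digit fingerprint, not a key ID")
    return cleaned

def fingerprints_match(key_body: bytes, reported: str) -> bool:
    """Compare the fingerprint of the key on the ring with the partner's reading."""
    return hmac.compare_digest(v4_fingerprint(key_body), normalize(reported))

def as_read_aloud(fp: str) -> str:
    """Format a fingerprint the way a partner might read it: lowercase groups of four."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4)).lower()

# Constructed sample values (toy modulus, not a usable key).
CREATED = 891000000
E = 65537
N_PARTNER = (1 << 511) | 0x1234567
N_SUBSTITUTED = N_PARTNER + 2  # a different key carrying the same user name

PARTNER_KEY = rsa_public_key_body(CREATED, N_PARTNER, E)
SUBSTITUTED_KEY = rsa_public_key_body(CREATED, N_SUBSTITUTED, E)
# What the partner reads from their own copy over the phone.
PARTNER_READING = as_read_aloud(v4_fingerprint(PARTNER_KEY))

if __name__ == "__main__":
    print("received key matches:   ", fingerprints_match(PARTNER_KEY, PARTNER_READING))
    print("substituted key matches:", fingerprints_match(SUBSTITUTED_KEY, PARTNER_READING))
```

Only a key whose full fingerprint matches the partner's reading should be signed; a shortened key ID is rejected rather than compared.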