Several questions as feedback on gnupg

Ingo Klöcker ingo.kloecker@epost.de
Sat Jan 26 13:27:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 25 January 2002 00:22, Mike Touloumtzis wrote:
> On Thu, Jan 24, 2002 at 09:30:58PM +0100, Ingo Kl?cker wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Thursday 24 January 2002 02:53, Mike Touloumtzis wrote:
> > > I can't see how getting my key from a keyserver is any safer than
> > > getting a "specially prepared key" from me.  I can upload
> > > whatever I want to the keyservers.  Can you explain why you
> > > believe downloading from the keyservers is safer?  Is there
> > > material which is relevant to the signing process, not covered by
> > > the fingerprint, and not visible in the UID?
> >
> > If you upload your key to a keyserver everyone can get it from
> > there. Therefore it would be much more dangerous for you to upload
> > a key with a wrong UID.
>
> How is it "dangerous"?  Because others can see that I attempted to
> trick you?  Anyone can upload a key to the keyservers with any UID
> they want.

True. But only the key owner can add another (possibly malicious) UID to 
a key which is already on the keyservers.

> There is no authentication of uploaders.  Thus how can it
> be dangerous for me to upload a malicious key?

It would be dangerous for you to re-upload your key with an additional 
malicious UID if at least one other UID has already been certified as 
being authentic by someone.

> I can just tell you someone else did it.

I wasn't talking about a completely new key but about a key to which a 
malicious UID is added after I have certified the other valid UIDs.

> I'm still not convinced.  I believe there is no security difference
> between sending you my key directly or via the keyservers.  Obviously
> the _fingerprint_ must be verified via another channel, though.

True.

> > OTOH, if you send me your key and I send the signed key back to you
> > then it's just me who knows about this key. And then you could add
> > a malicious UID and probably trick my non-OpenPGP-understanding
> > friends into signing it because I signed your key. And if I trusted
> > my friends maybe marginally (which I obviously should better not)
> > you could achieve that your malicious UID was valid for me.
>
> As I see it, because keyserver uploads are deniable, this problem has
> nothing to do with distribution and everything to do with the fact
> that your friends signed a UID without verifying it.  Your friends
> shouldn't be trusted unless they know to verify _each_ UID
> independently.

Exactly. In a perfect world where everybody has complete understanding 
of how public key protocols work this wouldn't be a problem. But we are 
not living in such a perfect world and this means you'd better not even 
trust your (non-OpenPGP-understanding) friends marginally because else 
you might believe all UIDs on some key are valid just because your 
friends certified this key without checking each UID individually 
(because they didn't know better).

Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Up05GnR+RTDgudgRAvFIAKCTVjIiaaTNBA07cFKQIUuTpW70sQCcD6Xy
2iFp8PRhICl107QmrgxJwfY=
=xeoM
-----END PGP SIGNATURE-----