key-signing and stolen subkeys

Atom 'Smasher' atom at suspicious.org
Mon May 24 00:34:56 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 23 May 2004, David Shaw wrote:

> If I was going to sign your key, I would issue YOU a challenge.  Not
> vice versa, since there is no point in you issuing a challenge to me.
> I don't need to prove key ownership, but you do.
==================================

i wouldn't expect ~you~ to fall for this trick... but someone who is new
to pgp and doesn't fully understand public key crypto can be tricked into
using this broken keysigning protocol:

let's say mallory wants to sign your key... mallory issues you a
challenge... you prove your ownership of the your key by signing ONLY THE
CHALLENGE. mallory then gives that same challenge to alice (who doesn't
know better), and offers to "prove" his ownership of ~your~ key by sending
alice that signed 'challenge' (it's not a proper challenge, but alice
doesn't know that!).

by not including a note in the signed material, and only signing the
challenge, you'd be making it easy for mallory to "prove" that your key is
his... and if he collects signatures on it it can create FUD.

the attack depends on finding a key signer who doesn't know how to
properly validate a key... but that's really not hard to find.


        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

	"If a baseball player slides into home plate and, right
	 before the umpire rules if he is safe or out, the player
	 says to the umpire - 'Here is $1,000.' What would we
	 call that? We would call that a bribe.
	 If a lawyer was arguing a case before a judge and said,
	 'Your honor before you decide on the guilt or innocence
	 of my client, here is $1,000.' What would we call that?
	 We would call that a bribe.
	 But if an industry lobbyist walks into the office of a
	 key legislator and hands her or him a check for $1,000,
	 we call that a campaign contribution.
	 We should call it a bribe."
		-- Janice Fine
		Dollars and Sense magazine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkCxJxQACgkQnCgLvz19QeNCSwCgiFqK5A3GDT4MdLqt6mGZh+c/
h9IAn3soGsIZpIL8lauNeMXhgqwSBX4X
=wKTl
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list