Houston, we have a problem
Kristian Fiskerstrand
kristian.fiskerstrand at sumptuouscapital.com
Tue Sep 26 13:30:28 CEST 2017
On 09/26/2017 01:07 PM, Andrew Gallagher wrote:
> So SKS should just say "unverified signature from <fingerprint>". It
> should not repeat the purported user ID, nor provide a search link that
> returns completely unrelated keys that happen to have the same purported ID.
No, that is also wrong, as it implies that anything is trusted unless
otherwise stated. A malicious actor can claim it is verified all he/she
wants (simply removing the disclaimer). The user's default position
NEEDS to be that nothing is verified until it is done locally or by an
explicitly trusted third party.
Any kind of disclaimer is actually doing the user a dis-service and
supporting a subset of the user base that lacks sufficient
experience/knowledge to do anything securely to begin with, which is the
root cause of the issue; the solution isn't a disclaimer it is more
education.
Fwiw I don't recommend anyone to directly link to vindex etc on
keyservers, you'll notice that https://sks-keyservers.net only links to
get operations for similar purposes (if you find a (v)index link it is a
bug and you should report it separately), but being able to browse the
keyserver directly is too useful for debugging to completely remove. It
is a reason it is done on port 11371 for hkp and I would encourage only
accessing it through a local client, but other than that it isn't much
to do on the keyserver side.
But the lesson here is that in order to avoid misuse by an unexperience
userbase the protocol has to be a binary obfuscated mess instead of
trying to re-use well-established protocols in text form, just in case
the user walks into the maze for some reason.
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"If you don't drive your business, you will be driven out of business"
(B. C. Forbes)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170926/798e1c89/attachment.sig>
More information about the Gnupg-users
mailing list