issues with OpenPGP certificate verification

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Mon Apr 21 17:30:57 CEST 2008


Hey Folks--

I just opened a couple tickets concerning what appear to be serious
problems with GnuTLS's OpenPGP certificate verification:

 * gnutls-cli continues connection when certificate User ID does not
   match hostname (even without --insecure):

     http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/31

   This is equivalent to accepting a valid TLS certificate from
   https://evil.com/ even though the connection was made to
   https://good.com/

 * gnutls will accept an unsigned UserID as a hostname match as long
   as some signed UserID exists:

     http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/32

   This appears to be a problem with the way that the library offers
   information about the UserIDs in the OpenPGP certificates.  Since
   each UserID in an OpenPGP cert can be signed by 0 or more keys
   (other than the primary key), there needs to be a way to check the
   validity of specific UserIDs, not just the certificate as a whole.

As usual, if you want more details, just post to the tickets, and i'll
provide whatever help i can.

I'm excited to see the library offering OpenPGP features for TLS, but
these problems are significant security concerns.  i want to make sure
that the first major implementation of this extension is secure!

Thanks for all the work on this,

       --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080421/de6ca473/attachment.pgp>


More information about the Gnutls-devel mailing list