[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PoP & Signer's User ID subpacket?

To: ietf-openpgp@xxxxxxx
Subject: Re: PoP & Signer's User ID subpacket?
From: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Date: Mon, 16 Jun 2003 23:36:11 -0400
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Mail-followup-to: ietf-openpgp@imc.org
References: <> <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.5.4i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 16, 2003 at 03:53:11PM -0700, Trevor Perrin wrote:

> >> Is there a risk that Alice could trick someone into certifying
> >> that Bob's public key belongs to her?  Then someone receiving a
> >> signed message from Bob might incorrectly think it came from
> >> Alice.
> >
> >Not really, since when Charlie certifies key X, he isn't certifying
> >that it belongs to anyone other than the string in the user ID.
> >Assuming Bob doesn't have a user ID "A-L-I-C-E", this shouldn't be
> >a problem ;)
> >
> >Of course, it is possible for Alice to attach her own name to Bob's
> >key as a second user ID, but that user ID wouldn't be selfsigned
> >and so it would be difficult to get someone else to sign it.
> 
> Probably Alice would first ditch Bob's self-signed user ID, then add
> her own name as an unsigned user ID.  How software would display
> that, and whether users would recognize the danger signs and not
> sign that, I dunno.

PGP shows such user IDs as revoked (not sure why) and refuses to sign
them.

GnuPG shows such user IDs as unsigned, and warns the user before
signing them.  I may go ahead and make the warning even stronger or
just flat out refuse to sign like PGP.

This raises a 2440bis question: given all the recent deprecation of
PGP 2.x stuff, is it worth requiring self-signatures on user IDs now?
If I recall, the only reason that user ID self-signatures are not
currently required was for 2.x compatibility.  Certainly every modern
implementation (5.0+, any GnuPG) generates user ID self-signatures
automatically when a user ID is created.

> But here's another angle: suppose Alice gets someone to sign her
> legitimate primary signing key.  Then she signs Bob's public key as
> a subkey of her primary key.  So even if you've done a
> Proof-of-Possession check on Alice's primary key, she can possibly
> evade that by introducing a subkey.

At least one of the challenge policies (mine) requires that the
challenge response comes from the primary key.  The primary is the one
that I got a fingerprint for, and the primary is the one I'm signing
when I certify the key, so the primary is the one I require the
challenge response from.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+7oyr4mZch0nhy8kRAl49AKCuSJGc0CJnC6sNYxXvOhzW/xgYcQCgkErK
k1+VB8LIaS1cDV/VFKSkmSc=
=xm/X
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: PoP & Signer's User ID subpacket?
  - From: Len Sassaman
- Re: PoP & Signer's User ID subpacket?
  - From: Trevor Perrin

References:
- PoP & Signer's User ID subpacket?
  - From: Trevor Perrin
- Re: PoP & Signer's User ID subpacket?
  - From: Trevor Perrin

Prev by Date: Re: PoP & Signer's User ID subpacket?
Next by Date: Re: PoP & Signer's User ID subpacket?
Previous by thread: Re: PoP & Signer's User ID subpacket?
Next by thread: Re: PoP & Signer's User ID subpacket?
Index(es):
- Date
- Thread