atom at suspicious.org
Wed Aug 11 04:17:59 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 10 Aug 2004, Simon Josefsson wrote:
> Atom 'Smasher' <atom at suspicious.org> writes:
>> when signing (or otherwise verifying) a key, it's recommended to confirm
>> the fingerprint, size, and type of the key (and UID, of course). if all of
>> these checks are done (and keys are reasonably large), then it's
>> infeasible to substitute a "trojan" key.
> Given Werner's comment, I have my doubts whether this checking is
> necessary. It seems the checks provide marginal improvements, in
> which case I believe that any requirement to perform these checks
> itself (i.e., the _requirement_ itself, not the checks) is more
> harmful than not performing the checks.
??? the spec would *allow* the information of key type and size to be
conveyed, but not require any application to make use of that information.
> What I'm worried about here is this scenario: a user receives an e-mail
> with OpenPGP-URL:, the user clicks on 'Reply securely' (or whatever)
> and the client goes and fetches the URL, and then starts to edit the
> reply e-mail, and then signs it to the key retrieved without verifying
> that the key retrieved even matches the Key ID/fingerprint from the
> message. This isn't unreasonable client behavior if there is no
> guidance, and I'm not sure it is a good idea to permit clients to
> behave this way. More thought on this might help.
more thought on any ways that the information is likely to be misused
would be good. what incorrect assumptions might be made?
> I agree. It was a suggestion of things to add to the 'security
> consideration', and not to the core part of the document, after all.
oh, yes... you mean point out foreseeable security pitfalls... yeah, that
is a good idea. i thought you were suggesting that the spec recommends how
an application should or shouldn't use the information.
> Hm. Lowest common denominator seems to be RFC 2440. But I realize now
> that RFC 2440 does not specify "Text names" for the PK algorithms,
> only for the hash algorithms. That's a shame. So it seems id numbers
> are the way to go here. I think it might be hinted that RFC 2822
> comments may be used to improve human readability:
> OpenPGP-Key: id=0x4711; algo=2 (RSA Encrypt only); size=42
> or whatever.
very good observation!
i think that will definitely make it into draft 0.2.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"No! Try Not -- Do, or Do Not; There is no Try..."
-- Yoda, The Empire Strikes Back
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
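
The check that the 'Reply securely' scenario above calls for, as an added example (not part of the original message or of any draft): parse an `OpenPGP-Key:` value in the form quoted above, ignoring RFC 2822 comments, and compare it with the key that was actually fetched before using it. The function names, the key-metadata dict, the sample values, and the use of `id` to carry a full v4 fingerprint are assumptions.

```python
import re

def strip_comments(value):
    """Remove RFC 2822 comments: parenthesised, nestable, with backslash escapes."""
    out, depth, i = [], 0, 0
    while i < len(value):
        c = value[i]
        if c == "\\" and depth and i + 1 < len(value):
            i += 2                      # quoted-pair inside a comment: skip both
            continue
        if c == "(":
            depth += 1
        elif c == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(c)
        i += 1
    if depth:
        raise ValueError("unterminated comment")
    return "".join(out)

def parse_openpgp_key(value):
    """Split 'id=...; algo=...; size=...' into a dict, rejecting repeated names."""
    params = {}
    for part in strip_comments(value).split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        if not sep or name in params:
            raise ValueError(f"malformed or repeated parameter: {part!r}")
        params[name] = val.strip()
    return params

def check_fetched_key(params, key):
    """Return the mismatches between the header's claims and the fetched key."""
    problems = []
    claimed = re.sub(r"^0x|\s", "", params.get("id", ""), flags=re.I).upper()
    if not re.fullmatch(r"[0-9A-F]{8,40}", claimed):
        problems.append("no usable key ID or fingerprint in header")
    elif not key["fingerprint"].upper().endswith(claimed):  # v4: key ID = fingerprint tail
        problems.append("fetched key does not match id from header")
    elif len(claimed) < 40:
        problems.append("matched on key ID only, not a full fingerprint")
    for name, actual in (("algo", key["algo"]), ("size", key["bits"])):
        if name in params and (not params[name].isdigit() or int(params[name]) != actual):
            problems.append(f"{name}: header says {params[name]}, key is {actual}")
    return problems

# Constructed sample data: a header value, and metadata of two candidate fetched keys.
HEADER = "id=0x0123456789ABCDEF0123456789ABCDEF01234567; algo=1 (RSA); size=2048"
GOOD_KEY = {"fingerprint": "0123456789abcdef0123456789abcdef01234567", "algo": 1, "bits": 2048}
TROJAN_KEY = {"fingerprint": "FEDCBA9876543210FEDCBA9876543210FEDCBA98", "algo": 17, "bits": 1024}
```

A client would refuse to proceed with the fetched key unless `check_fetched_key` returns an empty list.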