NAI PGP open to ADK attack

Werner Koch wk at
Mon Aug 28 11:01:43 CEST 2000

On Sat, 26 Aug 2000, Rich Wales wrote:

> So, GnuPG users can't inadvertently encrypt messages to illegitimate
> extra keys.  However, I think GnuPG users are still vulnerable to the
> problem if other people encrypt messages to them using NAI PGP.

It is common use to encrypt to several recipients - you can't tell
whether the sender's software selected one of the recipients
automagically from a ARR.  You might not have the public key with the
ADK or the ADK might not be in your version of the public key.

> (1) Modify GnuPG to notify the recipient whenever a message has been
>     encrypted to any key that isn't in the user's secret keyring.

You don't encrypt to a key in the secret keyring.  That is the whole
point of public key encryption.  You use a public key to encrypt a

> (2) Modify the OpenPGP standard to switch over to a new signature
>     packet format (version 5?), not recognized by NAI PGP.

There are no v5 packets and there are no reasons to change the current
v4 protocol.  ARR are not defined in OpenPGP and even PGP has an
option to warn you about there use.


Werner Koch				GnuPG key:  621CC013
OpenIT GmbH                   

More information about the Gnupg-devel mailing list