BUG: --keyserver option may compromise anonymity
Florian Weimer
Florian.Weimer at RUS.Uni-Stuttgart.DE
Mon Dec 18 18:50:52 CET 2000

According to the GNU Privacy Handbook, the --keyserver option is only
taken into account if a --send-keys or --recv-keys option is present as
well:

| This option is used in conjunction with either
| <link linkend="recv-keys"><option>recv-keys</option></link> or
| <link linkend="send-keys"><option>send-keys</option></link> to specify a
| keyserver to manage public key distribution.
This is not the whole story. Although there's a comment at the top of
hkp_ask_import() mentioning user interaction, I've never seen GnuPG
asking before doing a HKP request when verifying signatures.

/****************
 * Try to import the key with KEYID from a keyserver but ask the user
 * before doing so.
 * Returns:  0 the key was successfully imported
 *          -1 key not found on server or user does not want to
 *             import the key
 *          or other error codes.
 */
int
hkp_ask_import( u32 *keyid )

While the current approach is convenient for many (most?) people, it
can lead to anonymity compromise when GnuPG is used to decrypt (and
verify) a message sent via anonymous remailers.
Either the code should be fixed, or this issue should be documented.
(Probably both.)
--
Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
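
An audit sketch for the behaviour reported above, added here as an example and not code from the post or from GnuPG: it lists active keyserver lines in an options file and flags gpg command lines that name a keyserver without --send-keys or --recv-keys. The file syntax handled (one option per line, # comments), the tolerance for a leading "--", and all sample hosts and key IDs are assumptions.

```python
import shlex

# Operations for which the handbook says --keyserver is meant to be used.
KEY_TRANSFER = {"send-keys", "recv-keys"}


def keyserver_in_options(text):
    """Return [(line_number, server)] for every active keyserver line."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        name = parts[0].lstrip("-")  # tolerate a leading "--" (assumption)
        if name == "keyserver":
            hits.append((lineno, parts[1].strip() if len(parts) > 1 else ""))
    return hits


def keyserver_in_command(command):
    """Return the keyserver named on a gpg command line that performs no
    send-keys/recv-keys operation, or None if there is no such exposure."""
    args = shlex.split(command)
    server, transfers = None, False
    for i, arg in enumerate(args):
        if not arg.startswith("--"):
            continue
        name, eq, value = arg[2:].partition("=")
        if name == "keyserver":
            server = value if eq else (args[i + 1] if i + 1 < len(args) else "")
        elif name in KEY_TRANSFER:
            transfers = True
    return None if transfers else server


# Constructed sample input, not taken from a real system.
SAMPLE_OPTIONS = """\
# keyserver hkp://commented-out.example
no-greeting
keyserver  hkp://keys.example.org
"""
SAMPLE_COMMANDS = [
    "gpg --keyserver hkp://keys.example.org --recv-keys 0x12345678",
    "gpg --keyserver=hkp://keys.example.org --decrypt remailer-msg.asc",
    "gpg --verify message.asc",
]

if __name__ == "__main__":
    print(keyserver_in_options(SAMPLE_OPTIONS))
    for cmd in SAMPLE_COMMANDS:
        print(cmd, "->", keyserver_in_command(cmd))
```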