OpenPGP headers
Atom 'Smasher'
atom at suspicious.org
Wed Aug 11 04:17:59 CEST 2004
On Tue, 10 Aug 2004, Simon Josefsson wrote:
> Atom 'Smasher' <atom at suspicious.org> writes:
>> when signing (or otherwise verifying) a key, it's recommended to confirm
>> the fingerprint, size, and type of the key (and UID, of course). if all of
>> these checks are done (and keys are reasonably large), then it's
>> infeasible to substitute a "trojan" key.
>
> Given Werner's comment, I have my doubts whether this checking is
> necessary. It seems the checks provide marginal improvements, in
> which case I believe that any requirement to perform these checks
> itself (i.e., the _requirement_ itself, not the checks) is more
> harmful than not performing the checks.
===================
??? the spec would *allow* the information of key type and size to be
conveyed, but not require any application to make use of that information.
> What I'm worried about here is this scenario: a user receives an e-mail
> with OpenPGP-URL:, the user clicks on 'Reply securely' (or whatever)
> and the client goes and fetches the URL, and then starts to edit the
> reply e-mail, and then signs it to the key retrieved without verifying
> that the key retrieved even matches the Key ID/fingerprint from the
> message. This isn't unreasonable client behavior if there is no
> guidance, and I'm not sure it is a good idea to permit clients to
> behave this way. More thought on this might help.
=============
more thought on any ways that the information is likely to be misused
would be good. what incorrect assumptions might be made?
> I agree. It was a suggestion of things to add to the 'security
> consideration', and not to the core part of the document, after all.
=============
oh, yes... you mean point out foreseeable security pitfalls... yeah, that
is a good idea. i thought you were suggesting that the spec recommends how
an application should or shouldn't use the information.
> Hm. Lowest common denominator seems to be RFC 2440. But I realize now
> that RFC 2440 does not specify "Text names" for the PK algorithms,
> only for the hash algorithms. That's a shame. So it seems id numbers
> are the way to go here. I think it might be hinted that RFC 2822
> comments may be used to improve human readability:
>
> OpenPGP-Key: id=0x4711; algo=2 (RSA Encrypt only); size=42
>
> or whatever.
==================
very good observation!
i think that will definitely make it into draft 0.2.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"No! Try Not -- Do, or Do Not; There is no Try..."
-- Yoda, The Empire Strikes Back
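The client behaviour discussed in this message (fetching a key and using it without checking it against the Key ID/fingerprint in the mail), as an added example that is not part of the original post or of any draft: Python code that parses the `OpenPGP-Key:` value proposed in the thread, RFC 2822 comments included, and refuses a fetched key whose version 4 fingerprint or algorithm id disagrees with it. All function names are hypothetical, the two keys are constructed toy values, and the fingerprint is computed as RFC 2440 defines it for version 4 keys.

```python
import hashlib

def strip_comments(value):
    """Remove RFC 2822 parenthesised comments (nesting allowed)."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def parse_key_header(value):
    """Parse 'id=0x4711; algo=2 (comment); size=42' into a dict."""
    params = {}
    for part in strip_comments(value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            params[name.strip().lower()] = val.strip()
    return params

def v4_fingerprint(body):
    """SHA-1 over 0x99, a two-octet length, and the public-key packet body."""
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).hexdigest().upper()

def key_matches_header(params, body):
    """True only if the fetched key agrees with the advertised id and algo."""
    if len(body) < 6 or body[0] != 4:
        return False  # this example only understands version 4 keys
    wanted = params.get("id", "").upper()
    wanted = wanted[2:] if wanted.startswith("0X") else wanted
    if not wanted or not v4_fingerprint(body).endswith(wanted):
        return False  # wrong or missing id: do not use this key
    # Octet 5 of a version 4 public-key packet body is the algorithm id.
    return params.get("algo", str(body[5])) == str(body[5])

def sample_key(algo, n):
    """Constructed toy v4 public-key packet body (not a real key)."""
    def mpi(x):
        return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")
    head = bytes([4]) + (0x41198000).to_bytes(4, "big") + bytes([algo])
    return head + mpi(n) + mpi(65537)

GENUINE = sample_key(1, 0xC0FFEE1234567891)  # constructed
TROJAN = sample_key(1, 0xBADC0DE987654321)   # constructed substitute key
HEADER = "id=0x%s; algo=1 (RSA); size=64" % v4_fingerprint(GENUINE)[-16:]
```

The id check is a suffix match, so the strength of the binding depends on how many hex digits the sender put in `id`; a full 40-digit fingerprint leaves the least room for a substituted key.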