jas at extundo.com
Wed Aug 11 09:04:57 CEST 2004
Atom 'Smasher' <atom at suspicious.org> writes:
> On Tue, 10 Aug 2004, Simon Josefsson wrote:
>> Atom 'Smasher' <atom at suspicious.org> writes:
>>> when signing (or otherwise verifying) a key, it's recommended to confirm
>>> the fingerprint, size, and type of the key (and UID, of course). if all of
>>> these checks are done (and keys are reasonably large), then it's
>>> infeasible to substitute a "trojan" key.
>> Given Werner's comment, I have my doubts whether this checking is
>> necessary. It seems the checks provide marginal improvements, in
>> which case I believe that any requirement to perform these checks
>> itself (i.e., the _requirement_ itself, not the checks) is more
>> harmful than not performing the checks.
> ??? the spec would *allow* the information of key type and size to be
> conveyed, but not require any application to make use of that information.
Yes, that's what I meant.
>> I agree. It was a suggestion of things to add to the 'security
>> consideration', and not to the core part of the document, after all.
> oh, yes... you mean point out foreseeable security pitfalls... yeah, that
> is a good idea. i thought you were suggesting that the spec recommends how
> an application should or shouldn't use the information.
No, that wasn't my intention. Today's DNSSEC doesn't work, but still
many specifications suggest that people should use DNSSEC to solve DNS
security problems... Similarly, using HTTPS doesn't improve things
much, since there is no global PKI, but people suggest it anyway.