Keyserver/security bug 1447 (and 1446 too)

Daniel Kahn Gillmor dkg at
Tue Dec 4 17:59:45 CET 2012

On 12/03/2012 05:48 PM, Phil Pennock wrote:

> By contrast (to respond to another person here), using PGP for link
> security instead of the X.509 PKIX tells me that folks are iffy on
> "message-based security" vs "live link security" and on the impact of
> timing-based attacks.  As a keyserver operator, someone happy providing
> a public service to assist in OpenPGP usage, I'm not going to put
> PGP-based link security into place without a lot more operational impact
> analysis of the crypto code in GnuPG's resilience to timing attacks, and
> more.

The actual crypto code used to sign the TLS handshake (the basis of the
"live link security") is going to be the RSA implementation in the
underlying crypto toolkit (e.g. OpenSSL, nettle, NSS, or gcrypt).

This is irrespective of the packaging format of the certificate (how the
RSA public key material is presented).

If you believe that there are (e.g.) timing issues related to these
crypto toolkits in live link situations, please please report them!
They are actively in use by many systems on the public 'net today,
whether with OpenPGP certificates or otherwise.
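
An added illustration of the point in the message above, not part of the original e-mail and not code from GnuPG or any toolkit it names: the same RSA public key packaged as a PKCS#1 `RSAPublicKey` structure (as carried inside X.509) and as an RFC 4880 v4 OpenPGP public-key packet body parses to the same (n, e), so one RSA routine serves both. The toy key, the creation timestamp, every function name, and the unpadded `raw_rsa_verify` stand-in are assumptions constructed for this example.

```python
import struct

# Constructed toy key, far too small for real use: n = 61 * 53, e = 17, d = 2753.
N, E, D = 3233, 17, 2753

def der_int(value):
    """DER INTEGER, short-form length only; the extra byte keeps the value positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(body)]) + body

def x509_style_key(n, e):
    """PKCS#1 RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + bytes([len(body)]) + body

def parse_x509_style_key(blob):
    if blob[0] != 0x30 or blob[1] != len(blob) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    fields, pos = [], 2
    while pos < len(blob):
        if blob[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = blob[pos + 1]
        fields.append(int.from_bytes(blob[pos + 2:pos + 2 + length], "big"))
        pos += 2 + length
    return tuple(fields)

def openpgp_mpi(value):
    """OpenPGP MPI: two-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")

def openpgp_key_body(n, e, created):
    """v4 public-key packet body: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return struct.pack(">BIB", 4, created, 1) + openpgp_mpi(n) + openpgp_mpi(e)

def parse_openpgp_key_body(blob):
    version, _created, algo = struct.unpack(">BIB", blob[:6])
    if version != 4 or algo != 1:
        raise ValueError("not a v4 RSA public-key packet body")
    fields, pos = [], 6
    for _ in range(2):
        size = (struct.unpack(">H", blob[pos:pos + 2])[0] + 7) // 8
        fields.append(int.from_bytes(blob[pos + 2:pos + 2 + size], "big"))
        pos += 2 + size
    return tuple(fields)

def raw_rsa_verify(n, e, digest_int, signature):
    """Textbook RSA check without padding; stands in for the toolkit's RSA routine."""
    return pow(signature, e, n) == digest_int

def verify_from_both(digest_int, created=1354640385):  # constructed timestamp
    signature = pow(digest_int, D, N)
    keys = [parse_x509_style_key(x509_style_key(N, E)),
            parse_openpgp_key_body(openpgp_key_body(N, E, created))]
    return keys, [raw_rsa_verify(n, e, digest_int, signature) for n, e in keys]
```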


More information about the Gnupg-devel mailing list