phrase "UNTRUSTED good signature" is dangerously misleading

Ximin Luo infinity0 at gmx.com
Sat Jul 13 18:51:03 CEST 2013


On 13/07/13 17:36, Daniel Kahn Gillmor wrote:
> On 07/13/2013 05:39 AM, Ximin Luo wrote:
>> When we got to the part where we receive an email signed by a key which has not
>> yet been verified by a trusted key, GPG outputs the familiar phrase "UNTRUSTED
>> Good signature". Now previously, I didn't think too much of this, since I
>> understand the model of PGP. However, the other instructor in the session told
>> people that in order to make the "UNTRUSTED" go away, you simply set the
>> ownertrust to "full" via the Enigmail interface.
>>
>> This is, of course, the ENTIRELY wrong thing to do. What people should do, and
>> I corrected this later, is (either face-to-face or over a previously verified
>> channel) verify each other's fingerprints, and sign each other's keys.
> 
> i've seen this exact same mistake made by at least two other people who
> were well-intentioned and somewhat knowledgeable.  when i pointed out
> the problem with that approach privately (that it was equivalent to
> adding a new root CA to your browser's X.509 trust chain), one of them
> was so frustrated by the confusion, and dismayed that they may have led
> people astray in the past, that they wanted to stop using GnuPG (and
> therefore OpenPGP) altogether, calling it "too dangerous".
> 
> While this last might seem a bit like an overreaction, i think the
> dismay is understandable, coming from someone who is actively trying to
> help people improve their secure communications.
> 
>> But without a technical understanding of PGP, his suggestion was very reasonable:
>>
>> - the interface has a warning about "UNTRUSTED"
>> - the interface provides a way to set "trust" (actually ownertrust but it
>> doesn't mention the term I guess to "not confuse" the user)
>> - doing this makes the previous warning go away
>>
>> This stems from the concept of "trust" in PGP (= belief that someone else signs
>> certificates honestly and correctly), which is much more specific than the
>> broad concept in English. So one must be careful when using the word "trust" in
>> the UI, not to mix up the two use cases.
>>
>> Whilst technically correct, "UNTRUSTED" is not the main point when you are
>> verifying signatures. The main point is to ensure the key is verified to
>> actually belong to the correct person. So I would suggest rephrasing the
>> warning to something like
>>
>> - "UNVERIFIED Good signature", or
>> - "Good signature from an UNVERIFIED KEY"
> 
> I think a change like this is a good idea.  If the tool itself can't
> clearly separate the concept of "ownertrust" from "verified" or "valid"
> keys, then most users will have little chance of sorting out the
> distinction themselves.
> 

I just realised that "UNVERIFIED Good signature" might be confusing too,
because the signature is verified but the key isn't.

Perhaps we should say "UNVALIDATED" instead, and this would be consistent with
the PGP docs' use of the word "validity" to refer to a key that has been
validated/verified to belong to its claimed owners.

Another thing the interface can do is pop up a big massive warning when people
try to set ownertrust on keys that haven't been validated by an already-trusted
key.

> I believe the enigmail authors are already open to patch submissions to
> clarify the distinction between ownertrust and validity, fwiw.
> 
> 	--dkg
> 


-- 
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0
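The distinction drawn in this thread, between a signature that verifies and a key that has been validated, can be made concrete by post-processing GnuPG's own machine-readable status output. The following is an added example, not code from the thread, from GnuPG or from Enigmail: it parses the `--status-fd` lines (`GOODSIG`, `BADSIG` and the `TRUST_*` validity lines described in GnuPG's doc/DETAILS), words the verdict in terms of key validity rather than "trust", and implements the warning proposed above for attempts to set ownertrust on a key that is not itself validated. The key ID, fingerprint and user ID in the sample lines are constructed placeholders.

```python
"""Report GnuPG verification results in terms of key validity, not "trust".

Added example, not code from GnuPG or Enigmail.  It consumes the lines
GnuPG writes to --status-fd and answers two questions separately that the
phrase "UNTRUSTED Good signature" runs together:

  1. Did the signature verify against the key?        (GOODSIG / BADSIG)
  2. Has that key been validated as belonging to the  (TRUST_* line)
     claimed owner, by your signature or a trusted introducer?

All key IDs, fingerprints and user IDs below are constructed placeholders.
"""
import re

# For a good signature GnuPG emits one of these to report the validity of
# the signing key (not the ownertrust assigned to it).
VALIDITY_KEYWORDS = ("TRUST_UNDEFINED", "TRUST_NEVER", "TRUST_MARGINAL",
                     "TRUST_FULLY", "TRUST_ULTIMATE")
VALIDATED = {"TRUST_FULLY", "TRUST_ULTIMATE"}

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")


def parse_status(lines):
    """Map each status keyword to its argument string ('' if none)."""
    status = {}
    for line in lines:
        m = STATUS_RE.match(line.strip())
        if m:
            status[m.group(1)] = m.group(2) or ""
    return status


def classify(lines):
    """Return (signature_state, key_validity, keyid, userid).

    signature_state is 'good', 'bad' or 'error'; key_validity is the TRUST_*
    keyword for a good signature, or None.
    """
    status = parse_status(lines)
    if "BADSIG" in status:
        keyid, _, uid = status["BADSIG"].partition(" ")
        return "bad", None, keyid, uid
    if "GOODSIG" not in status:
        return "error", None, None, None
    keyid, _, uid = status["GOODSIG"].partition(" ")
    validity = next((k for k in VALIDITY_KEYWORDS if k in status), None)
    return "good", validity, keyid, uid


def describe(lines):
    """Human-readable verdict that names key validity explicitly."""
    state, validity, keyid, uid = classify(lines)
    if state == "bad":
        return f"BAD signature from {uid} (key {keyid})"
    if state == "error":
        return "Signature could not be checked (no GOODSIG/BADSIG in status output)"
    if validity in VALIDATED:
        return f"Good signature from {uid} (key {keyid} is VALIDATED)"
    if validity == "TRUST_NEVER":
        return f"Good signature, but key {keyid} ({uid}) is marked NOT VALID"
    # TRUST_UNDEFINED, TRUST_MARGINAL or no TRUST_ line: the signature checks
    # out, but nothing ties the key to the named person yet.
    return (f"Good signature from an UNVALIDATED key: key {keyid} ({uid}) made "
            "this signature, but it has not been validated as belonging to that "
            "person. Check the fingerprint over a trusted channel and sign the "
            "key; do not 'fix' this by raising ownertrust.")


def ownertrust_warning(key_validity, requested_ownertrust):
    """Warning text for an ownertrust change on an unvalidated key, else None.

    Ownertrust says how far you rely on the key's owner to certify other
    keys; granting it to a key you have not validated is like installing an
    unknown root CA.  Validated keys, and requests that lower ownertrust,
    need no warning.
    """
    if key_validity in VALIDATED or requested_ownertrust in ("undefined", "never"):
        return None
    return (f"WARNING: this key is {key_validity or 'not validated'}. Setting "
            f"ownertrust to '{requested_ownertrust}' makes every key it certifies "
            "appear valid, although nobody has verified that this key belongs "
            "to its claimed owner. Validate and sign the key first.")


# Constructed sample status output (placeholder key ID, fingerprint, user ID).
SAMPLE_UNVALIDATED = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Person <person@example.org>",
    "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2013-07-13 "
    "1373734263 0 4 0 1 10 00 0000000000000000000000000123456789ABCDEF",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]
SAMPLE_VALIDATED = SAMPLE_UNVALIDATED[:3] + ["[GNUPG:] TRUST_FULLY 0 pgp"]

if __name__ == "__main__":
    print(describe(SAMPLE_UNVALIDATED))
    print(describe(SAMPLE_VALIDATED))
    print(ownertrust_warning("TRUST_UNDEFINED", "full"))
```

Feeding real output is a matter of running `gpg --status-fd 1 --verify` and passing its `[GNUPG:]` lines to `describe`; the point of the example is that the validity verdict comes from the `TRUST_*` line GnuPG already emits, so a front end can say "UNVALIDATED key" without any change to GnuPG itself.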
