subkey binding signature with no usage flags and/or a critical notation

Daniel Kahn Gillmor dkg at
Sat Sep 14 00:03:16 CEST 2013

On Wed 2013-09-11 17:46:41 -0400, Daniel Kahn Gillmor wrote:
> Without this patch, if a subkey with a usage flags subpacket that is
> all-zero appears, GnuPG thinks that the key is valid for all
> capabilities (usage: SCEA).
> This is dangerous in several ways:
>  * if it's your own key, GnuPG will use it to sign messages or certify
>    other OpenPGP certificates
>  * if it's someone else's key, GnuPG will encrypt to it
>  * if it's someone else's key, GnuPG may be willing to rely on OpenPGP
>    certifications made by the key, despite the owner having clearly
>    marked that it is not acceptable for that use.
> Depending on how such a key is actually used in practice, this may cause
> unrelated confidential data to be revealed, or it may let GnuPG follow
> spoofable paths through the WoT. 


> I'm inclined to see this as a security vulnerability (because of the
> confidentiality and certification-following concerns); i'd like to see
> it fixed in the stable branches and assigned a CVE, so that i can push
> for getting it resolved in those distros that care about CVE coverage.

This is now CVE-2013-4351.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: </pipermail/attachments/20130913/a448044d/attachment-0001.sig>

More information about the Gnupg-devel mailing list