Dirmngr now supports hkps

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 9 22:59:40 CEST 2014

On 05/07/2014 03:51 PM, Werner Koch wrote:
> On Wed,  7 May 2014 18:17, kristian.fiskerstrand at sumptuouscapital.com said:

>> I strongly suggest using the original hostname provided as SNI when
>> performing keyserver lookups, this is also consistent with current
> Okay.  What about a dirmngr options to enable or disable the use of the
> pool name?

I agree with Kristian that the name given by the user should be the name
sent to the remote server, and should also be the name checked against
the certificate.

Using a DNS reverse lookup to modify the name supplied to the remote
host is a violation of the security assumptions that underpin the goal
of using TLS in this case.

If i understand the reverse DNS lookup Werner is describing correctly,
an attacker capable of spoofing the DNS should be able to modify the
name that the client expects.

C: Client
D: DNS resolver (could be compromised)
S: server

 C→D: give me the address for keys.example.org
 D→C: keys.example.org is at
 C→D: what is the name for
 D→C: the name for is evilsite.example
 C→S: hi, i would like evilsite.example
 S→C: sure, here is my certificate for evilsite.example

So any S just needs a certificate for *any* domain from a trusted X.509
root authority, if the attacker able to take over or poison D.

Kerberos used to do a similar DNS reverse lookup, and they no longer
recommend doing it because of the same security concerns.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140509/a6601818/attachment.sig>

More information about the Gnupg-devel mailing list