Dirmngr now supports hkps
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri May 9 22:59:40 CEST 2014
On 05/07/2014 03:51 PM, Werner Koch wrote:
> On Wed, 7 May 2014 18:17, kristian.fiskerstrand at sumptuouscapital.com said:
>> I strongly suggest using the original hostname provided as SNI when
>> performing keyserver lookups, this is also consistent with current
>
> Okay. What about a dirmngr options to enable or disable the use of the
> pool name?
I agree with Kristian that the name given by the user should be the name
sent to the remote server, and should also be the name checked against
the certificate.
Using a DNS reverse lookup to modify the name supplied to the remote
host is a violation of the security assumptions that underpin the goal
of using TLS in this case.
If i understand the reverse DNS lookup Werner is describing correctly,
an attacker capable of spoofing the DNS should be able to modify the
name that the client expects.
C: Client
D: DNS resolver (could be compromised)
S: server
C→D: give me the address for keys.example.org
D→C: keys.example.org is at 192.0.2.3
C→D: what is the name for 192.0.2.3?
D→C: the name for 192.0.2.3 is evilsite.example
C→S: hi, i would like evilsite.example
S→C: sure, here is my certificate for evilsite.example
So any S just needs a certificate for *any* domain from a trusted X.509
root authority, if the attacker able to take over or poison D.
Kerberos used to do a similar DNS reverse lookup, and they no longer
recommend doing it because of the same security concerns.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140509/a6601818/attachment.sig>
More information about the Gnupg-devel
mailing list