Web Key Discovery

Bernhard Reiter bernhard at intevation.de
Mon Apr 9 10:14:58 CEST 2018 

Am Freitag 06 April 2018 17:22:18 schrieb Sam Bull:
> > Because we want to defend to some extend against an email provider 
> > manipulating the pubkeys it hands out for their users. Otherwise we are
> > less  end-to-end. Therefore we essentially assume that one email address
> > is one identity.
>
> I'm still not understanding how this adds any security at all. Surely, if
> an email provider is manipulating the pubkeys, it would just create keys
> with matching user IDs. What is the proposed attack that a matching user ID
> is protecting against?

Against someone, including the email provider, that wants to give their pubkey 
to be used instead and do not want to be noticed. Against accidental use of a 
wrong pubkey for whatever reasons. (The defense happens like Peter explained, 
ideally we also look at the history.)

> > My suggestion is: As you are the only user on the server and completely 
> > controlling it: Add a new identity each time you create a new email alias
> > automatically on a server. If you want more security use a hardware
> > token.
>
> Wouldn't the server need to have the private key in order to add additional
> user IDs? That would obviously be a big drop in security. 

Yes, and no (as I've outlined).

> I already have 1000+ addresses, so it also seems a bit extreme sending a
> PGP key with 1000s of user IDs.

You could create a copy each time, each with only one user ID on it.

> > Note that someone how gets to control your server, could just create a
> > new  email aliases and a completely new keypair they control and divert
> > emails send to you, so you cannot defend against all of these attacks
> > anymay.
>
> If the private key is on there, then they would also be able to secretly
> monitor all my communications.

Yes, but if it is not on there, they would just use their own private key
and act as a man in the middle.

> Also, I am assuming because WKD is done with HTTP requests, that I can run
> the WKD on my personal server, while email is handled by my email provider.

Yes, WKD can be run on the webserver of the email-domain, which can be under 
different control than the email server.

> Therefore, actually, they could not divert emails sent to me, without also
> compromising my email provider or DNS.

Correct.

Best Regards,
Bernhard


-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180409/37124262/attachment-0001.sig>

More information about the Gnupg-devel mailing list