Web Key Discovery
bernhard at intevation.de
Mon Apr 9 10:14:58 CEST 2018
Am Freitag 06 April 2018 17:22:18 schrieb Sam Bull:
> > Because we want to defend to some extend against an email provider
> > manipulating the pubkeys it hands out for their users. Otherwise we are
> > less end-to-end. Therefore we essentially assume that one email address
> > is one identity.
> I'm still not understanding how this adds any security at all. Surely, if
> an email provider is manipulating the pubkeys, it would just create keys
> with matching user IDs. What is the proposed attack that a matching user ID
> is protecting against?
Against someone, including the email provider, that wants to give their pubkey
to be used instead and do not want to be noticed. Against accidental use of a
wrong pubkey for whatever reasons. (The defense happens like Peter explained,
ideally we also look at the history.)
> > My suggestion is: As you are the only user on the server and completely
> > controlling it: Add a new identity each time you create a new email alias
> > automatically on a server. If you want more security use a hardware
> > token.
> Wouldn't the server need to have the private key in order to add additional
> user IDs? That would obviously be a big drop in security.
Yes, and no (as I've outlined).
> I already have 1000+ addresses, so it also seems a bit extreme sending a
> PGP key with 1000s of user IDs.
You could create a copy each time, each with only one user ID on it.
> > Note that someone how gets to control your server, could just create a
> > new email aliases and a completely new keypair they control and divert
> > emails send to you, so you cannot defend against all of these attacks
> > anymay.
> If the private key is on there, then they would also be able to secretly
> monitor all my communications.
Yes, but if it is not on there, they would just use their own private key
and act as a man in the middle.
> Also, I am assuming because WKD is done with HTTP requests, that I can run
> the WKD on my personal server, while email is handled by my email provider.
Yes, WKD can be run on the webserver of the email-domain, which can be under
different control than the email server.
> Therefore, actually, they could not divert emails sent to me, without also
> compromising my email provider or DNS.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-devel