recommendation for key servers

Werner Koch wk at gnupg.org
Wed Jun 30 19:45:29 CEST 2021


On Wed, 30 Jun 2021 12:18, Justus Winter said:

> I fear that the mechanism has not been very well designed.  In short, I
> believe it is not complete, not functional, and dangerous:
>
> https://github.com/hockeypuck/hockeypuck/issues/136

Find below a copy of Justus' comment


Salam-Shalom,

   Werner


===
teythoon commented 8 hours ago

I have grave concerns regarding the authenticated key replacement
mechanism as proposed by HIP-1 and implemented in current hockeypuck
versions. I believe it to be not complete, not functional, and
dangerous.

First, because it uses OpenPGP's detached signature mechanism, it
requires a signing-capable (sub)key. Therefore, the mechanism fails to
protect OpenPGP certificates without signing-capable (sub)key. The
solution is not complete.

Second, after a key has been replaced with a clean version, presumably
to get rid of a flood of certifications, an attacker can simply re-add
the certifications. The replacement mechanism does not assure
sovereignty, only a momentarily relief. Therefore, the solution is not
functional.

I haven't looked into how gossiping plays into that, but if gossiping
uses the same policy as updates using hkp, then gossiping will also
re-add any third party certifications.

Third, the pair of keytext and keysig are a capability to reset the copy
of the certificate on the server to keytext. If a malicious party ever
gets hold of such a pair, then they have the ability to remove updates
from the certificate stored on the server. Undoing an update that
extends the validity period of a certificate leads to an DoS because the
certificate can no longer be used (e.g. for encryption). Undoing an
update that revokes a key leads to a certificate being used even though
it shouldn't, compromising authenticity and confidentiality. Therefore,
I conclude that the mechanism is dangerous.


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210630/8f4c900e/attachment.sig>


More information about the Gnupg-devel mailing list