Proposed fix for alleged OpenPGP key flaw

Kurt Fitzner kurt-fitzner@home.com
Sat Jun 30 23:11:01 2001


This message is in MIME format
--_=XFMail.1.5.0.Linux:20010630150228:23527=_
Content-Type: text/plain; charset=us-ascii

Hi,

I've been reading on the alleged OpenPGP key format flaw ( see
http://www.pgpi.org/news/#20010324 ).  The issue (from what I understand from
reading the articles) is that GnuPG (et al) accepts keys as stored in your
secret key ring.  That if someone has access to your computer, they can make
changes to your private key that, the next time you sign with it, can give them
an effective attack.

Now, to me this does not seem to be a file format issue.  This seems to me to be
a trust issue.  And, what better mechanism to handle a trust issue than GnuPG
itself.

I would suggest that instead of changes to the OpenPGP standard, that we need
to take the matter of key trust into account in the software.  All that is
needed is to make a detached signature of your private key whenever it is
modified.  This can be done by temporarily extracting the key, having the
secret key make a detached signature, and then overwriting/deleting the
temporary secret key.  This could even be done in memory with a little more
work.

Then, whenever your secret key is used, GnuPG would simply have to check the
signature against the secrey key first.

The advantage:  1) No OpenPGP key format changes are required. 2) There is a
certain philosophical elegance to using the the system to protect itself.

Disadvantage:  Requires a signature validation every time the secret key is
used.

Any thoughts?

        Kurt


--_=XFMail.1.5.0.Linux:20010630150228:23527=_
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iQEcBAEBAwAGBQI7Pj5jAAoJEN366Kf2Ie2tNV4H/jlGqfgb1mhaQ3OXdTn5j3FJ
8dai/Oo8/mY/aCKaiTQEmgzRKMZx0ZDnOSfxckOL9+rEZcXg95zNSaAzvHQmqaEu
REQYv2zIxi1uTx3qamytzdsIIBuRnrBQ9U0xjk5eei2JP8qCfCxmHxBUs2AGhYAs
Dw40AbD6EesC7Z5Tab5gXDyBhvcVihGfZQWrwFMOkctbwp7ZurDx1J01RSp2Swq3
3YrcNYAOAbXeNS5M0hOq4njs8MTJWMEkgzWcnsOBN7G8Nf81NHrq7hYuY86Y2JPA
WijNe60Z1mI0iqm5knDtstB1Inmd3+yiMDATk6QoE3fCbXu+sovL5wPnygD4aZM=
=RAEk
-----END PGP SIGNATURE-----

--_=XFMail.1.5.0.Linux:20010630150228:23527=_--
End of MIME message