security patches

Johan Wevers johanw@vulcan.xs4all.nl
Sat Oct 6 13:30:01 2001


Florian Weimer wrote:


>>> -Klima-Rosa
>> Solved.
> Even for DSA keys?
As far as I know vulnerability to Klima-Rosa attacks was completely solved in GnuPG 1.0.5 and up, but if I'm wrong here please have someone correct me.
> V4 key expiration
> -----------------
>
> Someone who has access to the corresponding secret key can increase
> the life time of a V4 public key without invalidating certificates.
> This is a weakness in the OpenPGP protocol.
So unlikely to be solved in the near future anyway. However, I consider this more a feature than a problem. This means that if you use a key with an expiration date and consider it still safe on that date, you can simply increase the expiration date without the hassle of getting new signatures.
> Multiple signatures
> -------------------
> Multiple signatures on the same document are not correctly verified
> and can lead to false positives.
>
> Detached signature
> ------------------
> When requested to verify a detached signature against a document, even
> a non-detached signature with an embedded document can give a positive
> result.
These were not mentioned, but these were GnuPG-only bugs which are solved in the latest versions (I thought they were solved in 1.0.4-1).
> Trust import
> ------------
> Ordinary key import might introduce trusted keys without user
> intervention.
Isn't that the whole point of assigning trust values to other people's signing anyway? Or am I misunderstanding the trust model here? If you don't want that, don't tell GnuPG that you don't allow other people's signatures as significant.
> V3 secret key import
> --------------------
> The MPI syntax specification in OpenPGP excludes leading zero octets,
> but these can occur nevertheless in V3 secret keys. Some implementations
> cannot import such keys. (This is not a security problem, but a
> reliability problem.)
So this one does not really belong in this list. It's just a bug, some things won't work, but it will not lead to false signatures or allow other people to decrypt an encrypted message.
> Exportable local signatures
> ---------------------------
> Signatures on V3 keys marked non-exportable are not properly
> generated so that they are exportable nevertheless.
Doesn't the whole issue of non-exportable signatures not depend on the implementation not exporting them anyway? I.e., is it possible to export such a signature which is correctly generated anyway with a hacked version of gpg?

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
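The "V3 secret key import" item above, as an added example that is not part of the original message and is not GnuPG code: a decoder for OpenPGP MPIs (two-octet big-endian bit count followed by the integer's octets) with a strict mode that rejects leading zero octets and a tolerant mode that accepts and normalises them. The names `read_mpi`, `write_mpi`, `read_mpis` and `MPIError` are hypothetical, and the sample bytes are constructed.

```python
# Added example, not GnuPG code; all names here are hypothetical.

class MPIError(ValueError):
    """Raised for a truncated or (in strict mode) non-canonical MPI."""


def write_mpi(value: int) -> bytes:
    """Canonical encoding: 2-octet big-endian bit count, then minimal octets."""
    bits = value.bit_length()
    if value < 0 or bits > 0xFFFF:
        raise MPIError("value not representable as an MPI")
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def read_mpi(buf: bytes, offset: int = 0, strict: bool = True):
    """Decode one MPI at buf[offset:]; return (value, canonical, next_offset).

    With strict=False, a declared bit count larger than the real one
    (leading zero bits or octets) is accepted and normalised.
    """
    if len(buf) - offset < 2:
        raise MPIError("truncated MPI length field")
    bits = int.from_bytes(buf[offset:offset + 2], "big")
    end = offset + 2 + (bits + 7) // 8
    if end > len(buf):
        raise MPIError("truncated MPI body")
    value = int.from_bytes(buf[offset + 2:end], "big")
    actual = value.bit_length()
    # Canonical MPIs count bits from the most significant set bit, so
    # actual == bits. More bits than declared is rejected in both modes.
    if actual > bits or (strict and actual != bits):
        raise MPIError(f"non-canonical MPI: declared {bits} bits, has {actual}")
    return value, write_mpi(value), end


def read_mpis(buf: bytes, count: int, strict: bool = True):
    """Decode `count` consecutive MPIs, e.g. the fields of a key packet."""
    out, off = [], 0
    for _ in range(count):
        value, _canon, off = read_mpi(buf, off, strict)
        out.append(value)
    return out


# Constructed sample: 0x01FF stored with one leading zero octet (declared
# as 24 bits), followed by a canonical MPI for 0x11 (5 bits).
SAMPLE = bytes.fromhex("00180001ff" "000511")

if __name__ == "__main__":
    print(read_mpis(SAMPLE, 2, strict=False))
```
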