Several questions as feedback on gnupg

Mike Touloumtzis
Fri Jan 25 02:04:02 2002

On Thu, Jan 24, 2002 at 09:30:58PM +0100, Ingo Kl?cker wrote:
> Hash: SHA1
> On Thursday 24 January 2002 02:53, Mike Touloumtzis wrote:
> > I can't see how getting my key from a keyserver is any safer than
> > getting a "specially prepared key" from me.  I can upload whatever I
> > want to the keyservers.  Can you explain why you believe downloading
> > from the keyservers is safer?  Is there material which is relevant to
> > the signing process, not covered by the fingerprint, and not visible
> > in the UID?
> If you upload your key to a keyserver everyone can get it from there. 
> Therefore it would be much more dangerous for you to upload a key with 
> a wrong UID.

How is it "dangerous"?  Because others can see that I attempted to trick
you?  Anyone can upload a key to the keyservers with any UID they want.
There is no authentication of uploaders.  Thus how can it be dangerous for
me to upload a malicious key?  I can just tell you someone else did it.

You could upload a key with UID "Mike Touloumtzis <>"
right now.  I can't prove you did it, thus there is no risk to you to
try and spoof me.

I'm still not convinced.  I believe there is no security difference
between sending you my key directly or via the keyservers.  Obviously
the _fingerprint_ must be verified via another channel, though.

> OTOH, if you send me your key and I send the signed key back to you
> then it's just me who knows about this key. And then you could add a
> malicious UID and probably trick my non-OpenPGP-understanding friends
> into signing it because I signed your key. And if I trusted my friends
> maybe marginally (which I obviously should better not) you could
> achieve that your malicious UID was valid for me.

As I see it, because keyserver uploads are deniable, this problem has
nothing to do with distribution and everything to do with the fact that
your friends signed a UID without verifying it.  Your friends shouldn't
be trusted unless they know to verify _each_ UID independently.