Several questions as feedback on gnupg
Fri Jan 25 02:04:02 2002
On Thu, Jan 24, 2002 at 09:30:58PM +0100, Ingo Kl?cker wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Thursday 24 January 2002 02:53, Mike Touloumtzis wrote:
> > I can't see how getting my key from a keyserver is any safer than
> > getting a "specially prepared key" from me. I can upload whatever I
> > want to the keyservers. Can you explain why you believe downloading
> > from the keyservers is safer? Is there material which is relevant to
> > the signing process, not covered by the fingerprint, and not visible
> > in the UID?
> If you upload your key to a keyserver everyone can get it from there.
> Therefore it would be much more dangerous for you to upload a key with
> a wrong UID.
How is it "dangerous"? Because others can see that I attempted to trick
you? Anyone can upload a key to the keyservers with any UID they want.
There is no authentication of uploaders. Thus how can it be dangerous for
me to upload a malicious key? I can just tell you someone else did it.
You could upload a key with UID "Mike Touloumtzis <firstname.lastname@example.org>"
right now. I can't prove you did it, thus there is no risk to you to
try and spoof me.
I'm still not convinced. I believe there is no security difference
between sending you my key directly or via the keyservers. Obviously
the _fingerprint_ must be verified via another channel, though.
> OTOH, if you send me your key and I send the signed key back to you
> then it's just me who knows about this key. And then you could add a
> malicious UID and probably trick my non-OpenPGP-understanding friends
> into signing it because I signed your key. And if I trusted my friends
> maybe marginally (which I obviously should better not) you could
> achieve that your malicious UID was valid for me.
As I see it, because keyserver uploads are deniable, this problem has
nothing to do with distribution and everything to do with the fact that
your friends signed a UID without verifying it. Your friends shouldn't
be trusted unless they know to verify _each_ UID independently.