Create Subkey Binding

David Shaw dshaw@jabberwocky.com
Fri Jan 24 17:27:17 2003


On Fri, Jan 24, 2003 at 09:28:38AM -0600, Richard Laager wrote:
> David Shaw wrote:
> > Let me make sure I understand what you are trying to do - you have
> > a secret/public keypair that has no subkey binding, so you want to
> > add a binding to the subkey so you can use it.  There is no easy
> > way to do this, as GnuPG obviously wants to reject an
> > invalid/corrupt subkey. You'd have to patch the code to override
> > the checks and force GnuPG to put a binding signature in place.
> 
> Yes, that's what I want to do.
> 
> > I took a look at s-mail.com, and it looks rather similar to
> > hushmail. Was the key generated by s-mail.com and exported to you?
> > Subkeys without bindings are not at all secure since any random
> > person can insert one and become a man in the middle.
> 
> Yes, it seems similar to hushmail in concept. I've never used either
> of them before yesterday. The key was generated by a Java applet on
> my machine and sent to s-mail via SSL. All client/server transactions
> are encrypted by SSL. I went to their export secret key page, and it
> gave me a PGP keyring (.skr file).
> 
> I'm not really too interested in using s-mail. I'm perfectly capable
> of doing PGP messages the way I have been. However, a contact of mine
> has created an s-mail account and I'm interested in exchanging
> encrypted and signed mail with him.
> 
> I realize that subkeys without bindings are insecure. However, in
> this scenario, a MITM attack isn't needed. To replace this file as I
> was downloading it probably means they have access to my secret key
> anyways. And, if they've broken the SSL to do that, they also have my
> passphrase that I sent to s-mail in the same transaction.

Not a MITM with you receiving the secret key - a MITM between the rest
of the world and you during use of the public key.  If your key has no
subkey binding, then anyone in the world can (for example) upload a
new subkey to a keyserver.

In any event, both GnuPG and PGP will properly refuse to use the
corrupted key.  I think you need to get the s-mail people to fix the
bug.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
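
Added example, not part of the original mail and not GnuPG code: a structural check for the condition discussed in this thread, a subkey packet with no subkey binding signature (type 0x18) after it. It assumes a binary (non-armored) OpenPGP key export; the function names and sample bytes are constructed for illustration, and it only checks that a binding signature is present, not that it verifies.

```python
SIG, SECRET_SUBKEY, PUBLIC_SUBKEY = 2, 7, 14   # RFC 4880 packet tags
SUBKEY_BINDING = 0x18                          # RFC 4880 signature type

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:                 # one-octet length
                length, i = first, i + 1
            elif first < 224:               # two-octet length
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:              # four-octet length follows
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype              # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: offset 2 in v3 packets, offset 1 in v4."""
    return body[2] if body[0] == 3 else body[1]

def unbound_subkeys(data):
    """Return the 0-based ordinal of each subkey with no 0x18 signature after it."""
    bound = []                              # one flag per subkey, in stream order
    for tag, body in packets(data):
        if tag in (SECRET_SUBKEY, PUBLIC_SUBKEY):
            bound.append(False)
        elif tag == SIG and bound and sig_type(body) == SUBKEY_BINDING:
            bound[-1] = True
    return [n for n, ok in enumerate(bound) if not ok]

# Constructed sample (placeholder bodies, not real key material):
# public key, user ID, v4 certification (0x13), public subkey with no binding.
SAMPLE_UNBOUND = bytes([0x98, 1, 4, 0xB4, 1, 0x61, 0x88, 2, 4, 0x13, 0xB8, 1, 4])
SAMPLE_BOUND = SAMPLE_UNBOUND + bytes([0x88, 2, 4, 0x18])
```

A non-empty result from unbound_subkeys() means the export has the defect described above; a real validity check still requires verifying the 0x18 signature against the primary key.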