Create Subkey Binding
Richard Laager
rlaager@wiktel.com
Fri Jan 24 18:31:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Shaw wrote:
> On Fri, Jan 24, 2003 at 09:28:38AM -0600, Richard Laager wrote:
> > I realize that subkeys without bindings are insecure. However, in
> > this senario, a MITM attack isn't needed. To replace this file as
> > I was downloading it probably means they have access to my secret
> > key anyways. And, if they've broken the SSL to do that, they
> also have my
> > passphrase that I sent to s-mail in the same transaction.
>
> Not a MITM with you receiving the secret key - a MITM between the
> rest of the world and you during use of the public key. If your
> key has no subkey binding, then anyone in the world can (for
> example) upload a new subkey to a keyserver.
Nobody can use the subkey unless it has a proper binding. This is how
it should be. Nobody has the public key yet. S-Mail doesn't publish
them on a keyserver that I've found yet. If I could get the subkey
binding made, then the key would be useable, and I could post it to a
keyserver. However, this is probably a moot point since S-Mail likely
doesn't support encrypted messages arriving from outside their
service.
> In any event, both GnuPG and PGP will properly refuse to use the
> corrupted key. I think you need to get the s-mail people to fix
> the bug.
I've sent them some information on the issue. I don't know what'll
happen, but I did what I could. Unless S-Mail follows my suggestions,
there service is basically a webmail account that happens to use
OpenPGP internally. However, their client is the only thing that sees
the OpenPGP encryption, and so the user can't verify what its doing
anyways. Since the encryption (and signing) are for S-Mail to S-Mail
users only, very little protection is offered over a standard mail
setup.
Richard Laager
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPjF4o231OrleHxvOEQJnRgCeOoMIZJjTclVEJcxRAB8lOe9I3JsAoLj4
w2yz5Q24YFzVV5KJmQciLJhT
=bswx
-----END PGP SIGNATURE-----