Q: Local keyring security, attacks and lsign

Stewart V. Wright svwright+lists at amtp.liv.ac.uk
Mon Sep 6 13:38:52 CEST 2004 

G'day Neil,

Forgive me if I am going over ground we've already travelled I really
would like to understand this a little better...


* Neil Williams <linux at codehelp.co.uk> [040903 20:40]:
> As you noted, you got a VALID signature, not a trusted signature. IMHO, a 
> valid signature on the GnuPG code isn't good enough, for exactly the reasons 
> you describe later.
> 
> Your best solution is your personal trust level, not lsign. Later . . 

The difficulty lies when one is unable (or unwilling) to assign a
level of trust to a key other than "I know that this is the key that I
chose to import".

I guess using Werner's key was a bad example of what I wanted to
express.  Let me try again at the end of the message...


> For your peace of mind, my Web of Trust allows me to fully trust
> Werner's key and I get the same fingerprint.

*Grin*  Now all I need to do is trust that you aren't in the group
that's out to "get" me!  :-P


> These trust values are personal and local and no lsign or sign is involved. 
> This, to me, would appear to be your best option. If for any reason you 
> change your mind, edit the trust level of the link key and GnuPG will sort 
> out the rest.

I appreciate the point that you are making here, but surely tweaking
my trust level on keys of people I haven't met means that there is a
possibility that changing the trust so that the end of Chain (I) is
trust worthy might mean that a key in Chain (II) becomes trusted
accidentally.

 (I)  Me > PersonA > PersonB > PersonC > PersonD
(II)  Me > PersonX > PersonB > PersonY

(i.e. I tweak PersonB so that there is enough trust to get to PersonD,
      but then PersonY might become trusted when they wouldn't without
      the added tweaking to achieve the first chain of trust...)

Admittedly I'm not sure if my point above even makes sense......


> > The second is for me to verify the fingerprint each time I check a
> > signature
> 
> With what? You are verifying an untrusted key against a copy of the same 
> untrusted key.

Not exactly.  Looking at previous posts signed by Werner's key would
give me a fingerprint, and _assuming_ that there were no warning
messages about an impostor I guess that there is some amount of
association I could make.


> You still have to be sure that the key really belongs to the physical person 
> reliably identifiable as Werner Koch who has sole access to the private key. 

I think this is a different concept to what I am asking.  The
ownership and association with a particular person of a key is _not_
important.  The association of a key with an entity, be it Werner as a
person, or <fedora at redhat.com> with the group of the Fedora Project is
the issue.

This comes back to the concept that you can trust that all signatures
from a certain key are made by someone with control of that key,
_without_ knowing anything about the ownership of the key.  Someone (a
Deep-Throat for example) may wish their identity to remain unknown,
but publish verifiable messages.  How does one protect a key on your
keyring without having a valid WOT to it?


Take a new gpg user, Alice, installing Fedora Linux for example.  The
CDs contain the Fedora (p)gp(g) key.  Alice checks that the key not
only verifies the packages on the CDs, but that the key has been used
historically (via say Google) for signing messages to mailing lists,
files, or whatever.  There is no indication in any of these sources
that the key does not belong to a reputable RedHat/Fedora source.

However, Alice has no way of connecting the key to her via the WOT as
she's yet to even generate a key of her own.  Alice imports the Fedora
key into her keyring and then uses it to verify various security
patches that have been released...  Alice would love to join the WOT,
but living at the South Pole, LUG meetings are hard to attend!

Alice wants a way to ensure that the key she imported to her key ring
is indeed the one she put there and that Eve hasn't replaced it
somewhere along the piece.


How would she do this?



Cheers,

S.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040906/524858e6/attachment.bin

More information about the Gnupg-users mailing list