Trust reference

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Nov 14 22:39:38 CET 2009 

On 11/14/2009 01:45 PM, Susan Stewart wrote:
> I'm filing a bug for my IM client (Gajim) because it currently only
> allows sending of encrypted and/or signed presence or messages to
> contacts whose keys I trust ultimately (trust level 5).  The
> documentation at http://gnupg.org/gph/en/manual.html#AEN346 appears out
> of date, as it does not mention level 5 (ultimate trust) at all.

If Gajim is doing this, you're quite right to file a bug about it.

Gajim should not be using any ownertrust designations (ultimate or
otherwise) in its decisions about who to send encrypted messages to.
Ownertrust has a very specific semantic meaning:  it answers the
question "how much do i trust OpenPGP certifications made by this key?"
Conflating that meaning with other semantics (like "should i send this
person encrypted IM messages?") is guaranteed to be wrong in many cases.
 Even worse, encouraging people to set any sort of ownertrust for the
sake of doing something unrelated to the trustworthiness of a given
keyholder's certifications is actively bad from a security standpoint --
it encourages people to adjust their tools to accept certifications that
they otherwise would not accept.

Calculated validity is related to (but quite different from) ownertrust.
 Calculated validity says "do i believe that this key really belongs to
the person identified by the User ID?"

It would be reasonable if Gajim wanted to use the calculated validity of
a key/userid to determine whether to encrypt messages with the key when
sending to a remote party identified by the User ID.  After all, if you
don't know if a given key really belongs to the person you think you're
talking to, encrypting to that key is meaningless.  It's meaningless
because someone masquerading as the remote party could control the
dubious key, and then your encryption *doesn't* do the job of hiding the
message to anyone but the intended recipient.  Gajim (quite reasonably)
wouldn't want to let the user think they were encrypting messages that
could actually be intercepted.

Feel free to forward any of this to your bug report if you find it useful.

> Is there some other reference that I could link in my bug to show that
> ultimate trust should really be reserved for one's own keys, and that
> it isn't wise to ultimately trust the key of every Alice, Bob, and
> Mallory one would like to try encrypting a message to?

Unfortunately, i don't know of good detailed references describing these
concepts.  DETAILS (from the gnupg source) doesn't have much to say
about "ultimate", though it seems like a reasonable place to look.  If
no one else can point to good docs, we should write some.

Regards,

	--dkg

PS just what does ultimate ownertrust mean?

Ultimate ownertrust is a superset of full ownertrust.  Full ownetrust
says "Assuming i calculate this key to be valid (to have successfully
calculated validity over at least one user ID on the key), any
certification made by this key is to be considered acceptable for
further validity calculations."  Ultimate ownertrust removes the
requirement for the key to be already-valid in order to trust the
certifications.  It's the OpenPGP equivalent of X.509's "Trusted Root
Certificate Authority", and it's probably *not* what anyone wants for
most keys.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091114/26a08107/attachment.pgp>

More information about the Gnupg-users mailing list