gpg --check-sigs should indicate if a signature is made by a revoked/compromised key

Grant Olson kgo at grant-olson.net
Wed Feb 9 21:27:13 CET 2011


On 2/9/11 3:00 PM, Daniel Kahn Gillmor wrote:
> gpg --check-sigs produces information about whether a certification was
> revoked, but not whether the certification was made by a key which
> itself was revoked.
> 

The man page does say that this is intentionally not done for
performance reasons:

--check-sigs
       Same as --list-sigs, but the signatures are verified.  Note that
       for performance reasons the revocation status of a  signing  key
       is not shown.  This command has the same effect as using
       --list-keys with --with-sig-check.

> Consider this scenario:
>
> Alice has key A, and Bob has key B.
>
> Alice's key gets compromised by Mallory.
>
> Alice notices the compromise, and revokes her key, indicating that it
> was compromised.
>
> Mallory makes a new key, M, attaches Bob's user ID to it, and makes a
> certification over (Bob,M) with key A.
>
> Charles knows Alice, and wants to communicate with Bob.  He fetches key
> M, and runs "gpg --check-sigs Bob", which shows Alice's signature.
>
> The output of --check-sigs shows no warning that A has been revoked
> (marked compromised).
>
> Maybe gpg should emit the same "X" that it currently emits for revoked
> certifications as it does for certifications made from revoked (or at
> least revoked-due-to-compromise) keys?

But shouldn't a user let the trust calculations do their magic and break
the WoT to Bob's key once Alice's key has been revoked?  Before, the key
was valid because Alice had full trust; now it's unvalidated because
Alice's key is revoked.

It seems like this attack only works if you ignore the WoT and
explicitly start signing keys X-degrees-of-separation away without
proper verification.  (Not that I'm saying I can't conceive of real
people doing this.)

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
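As an added illustration (not part of either message above, and not GnuPG code), here is a small Python model of the scenario under discussion. It contrasts a per-signature check in the spirit of --check-sigs, which only looks at each certification and whether that certification was revoked, with a simplified classic web-of-trust validity computation in which a revoked signing key contributes nothing. The key IDs A, B, M, C, the user IDs, the owner-trust values and the fixed-point algorithm are assumptions of this model; real GnuPG output formats, trust-depth limits and cryptographic verification are not reproduced.

```python
"""Model of the check-sigs vs. trust-calculation gap described in the thread.

Assumptions (not GnuPG code): cryptographic signature verification is taken
as always succeeding, so the only things a per-signature check can report
are "good", "revoked-cert" and "no-pubkey".  Validity follows a simplified
classic trust model: one certification from a valid, non-revoked key with
"full" or "ultimate" owner trust, or three from "marginal" keys.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class Key:
    keyid: str
    uids: Set[str]
    revoked: bool = False   # a revocation certificate for the key is present
    reason: str = ""        # e.g. "compromised"

@dataclass
class Cert:
    target: str             # key ID being certified
    uid: str                # user ID the certification covers
    signer: str             # key ID of the certifying key
    revoked: bool = False   # the certification itself was revoked

def check_sigs(keys: Dict[str, Key], certs: List[Cert],
               target: str) -> List[Tuple[str, str, str]]:
    """Per-certification report on `target`, in the spirit of --check-sigs.
    Deliberately does NOT consult the revocation status of the signing key,
    matching the man page's note; a revoked signer still yields "good"."""
    report = []
    for c in certs:
        if c.target != target:
            continue
        if c.signer not in keys:
            status = "no-pubkey"      # cannot verify without the signer's key
        elif c.revoked:
            status = "revoked-cert"   # the certification was revoked
        else:
            status = "good"           # signature verifies (assumed in model)
        report.append((c.uid, c.signer, status))
    return report

def compute_validity(keys: Dict[str, Key], certs: List[Cert],
                     ownertrust: Dict[str, str],
                     marginals_needed: int = 3) -> Set[Tuple[str, str]]:
    """Return the set of valid (keyid, uid) pairs under the simplified model.
    Ultimately trusted keys are valid a priori; everything else must be
    certified by valid, non-revoked keys with enough owner trust.  A revoked
    key is never valid and never contributes, which is what breaks the path
    to M once A is revoked."""
    valid: Set[Tuple[str, str]] = set()
    for kid, trust in ownertrust.items():
        if trust == "ultimate" and not keys[kid].revoked:
            valid.update((kid, u) for u in keys[kid].uids)

    def key_is_valid(kid: str) -> bool:
        return any((kid, u) in valid for u in keys[kid].uids)

    changed = True
    while changed:                     # iterate to a fixed point
        changed = False
        for k in keys.values():
            if k.revoked:
                continue               # revoked keys are never valid
            for uid in k.uids:
                if (k.keyid, uid) in valid:
                    continue
                full = marginal = 0
                for c in certs:
                    if c.target != k.keyid or c.uid != uid or c.revoked:
                        continue
                    signer = keys.get(c.signer)
                    if signer is None or signer.revoked or not key_is_valid(c.signer):
                        continue       # unknown, revoked or invalid signer: no weight
                    trust = ownertrust.get(c.signer, "unknown")
                    if trust in ("full", "ultimate"):
                        full += 1
                    elif trust == "marginal":
                        marginal += 1
                if full >= 1 or marginal >= marginals_needed:
                    valid.add((k.keyid, uid))
                    changed = True
    return valid

BOB = "Bob <bob@example.org>"      # constructed user IDs for the model
ALICE = "Alice <alice@example.org>"

def scenario(alice_revoked: bool):
    """Charles (C) has verified Alice (A) and trusts her fully.  Mallory's
    key M carries Bob's user ID and is certified by the compromised key A."""
    keys = {
        "A": Key("A", {ALICE}, revoked=alice_revoked,
                 reason="compromised" if alice_revoked else ""),
        "B": Key("B", {BOB}),
        "M": Key("M", {BOB}),          # Mallory's key wearing Bob's user ID
        "C": Key("C", {"Charles <charles@example.org>"}),
    }
    certs = [
        Cert("A", ALICE, "C"),         # Charles certified Alice
        Cert("M", BOB, "A"),           # Mallory certified (Bob, M) with A
    ]
    ownertrust = {"C": "ultimate", "A": "full"}
    return keys, certs, ownertrust

if __name__ == "__main__":
    for revoked in (False, True):
        keys, certs, ot = scenario(revoked)
        print("A revoked:", revoked)
        print("  check_sigs(M):", check_sigs(keys, certs, "M"))
        print("  (M, Bob) valid:", ("M", BOB) in compute_validity(keys, certs, ot))
```

Run stand-alone, the per-signature report on M is identical whether or not A is revoked, while the validity computation drops (M, Bob) as soon as A's revocation is present, which is the distinction the reply draws between what --check-sigs shows and what the trust calculation does.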
