Signing signature policies required for safe key usage?
mailinglisten at hauke-laging.de
Thu Mar 10 13:56:53 CET 2011
this is not gnupg specific (though one could think of new feature making this
point more comfortable, of course...).
I often read on this list: "You need a valid signature of a validated key.
Everything else is more or less useless." I would like to push this a bit
further by questioning the worth of a valid signature.
A signature itself does not say much except that the one who created it had
access to the secret key. The biggest threat to the security of OpenPGP is the
security of the secret keys and obviously there is a wide range of key
security. This "must" be the case as security is strongly related to
Different signatures are supposed to offer different levels of security
(against the secret key to be compromised). In order to reliably use OpenPGP
you need to know the security level a certain key has. As long as there is no
standardized way to express this (you may remember my occasional statements
about that which never get any response...) this can be done by publishing the
respective signature policy only. Fortunately OpenPGP makes this easy by
adding a policy URL to a signature.
Probably every signature policy document is signed by the key it refers to.
Why should you trust it otherwise?
After this foreword now my point: Such a document (signed by the respective
key only) is IMHO useless for any security requirement above minimum level.
Why? If the key becomes compromised (which is quite possible for minimum
security keys) then the attacker can easily write and sign whatever signature
policy he wants. "This is a low security key which I use for signing all my
emails and reading encrypted mail from public systems." becomes "This key is
stored on a smartcard and used in a high security environment only."
Thus I think that we should not only certify other people's keys but also sign
the respective signature policy document. You trust the key because it has
valid signatures by other keys you trust. You can analogically trust a policy
document because an attacker would not only have to steal the respective
secret key but also all secret keys for the signatures you demand to accept
the policy document as valid.
Maybe anyone wants to comment on that... :-)
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users