Signing signature policies required for safe key usage?

Hauke Laging mailinglisten at hauke-laging.de
Thu Mar 10 13:56:53 CET 2011


Hello,

this is not gnupg specific (though one could think of new feature making this 
point more comfortable, of course...).

I often read on this list: "You need a valid signature of a validated key. 
Everything else is more or less useless." I would like to push this a bit 
further by questioning the worth of a valid signature.

A signature itself does not say much except that the one who created it had 
access to the secret key. The biggest threat to the security of OpenPGP is the 
security of the secret keys and obviously there is a wide range of key 
security. This "must" be the case as security is strongly related to 
comfort/usability.

Different signatures are supposed to offer different levels of security 
(against the secret key to be compromised). In order to reliably use OpenPGP 
you need to know the security level a certain key has. As long as there is no 
standardized way to express this (you may remember my occasional statements 
about that which never get any response...) this can be done by publishing the 
respective signature policy only. Fortunately OpenPGP makes this easy by 
adding a policy URL to a signature.

Probably every signature policy document is signed by the key it refers to. 
Why should you trust it otherwise?

After this foreword now my point: Such a document (signed by the respective 
key only) is IMHO useless for any security requirement above minimum level. 
Why? If the key becomes compromised (which is quite possible for minimum 
security keys) then the attacker can easily write and sign whatever signature 
policy he wants. "This is a low security key which I use for signing all my 
emails and reading encrypted mail from public systems." becomes "This key is 
stored on a smartcard and used in a high security environment only."

Thus I think that we should not only certify other people's keys but also sign 
the respective signature policy document. You trust the key because it has 
valid signatures by other keys you trust. You can analogically trust a policy 
document because an attacker would not only have to steal the respective 
secret key but also all secret keys for the signatures you demand to accept 
the policy document as valid.

Maybe anyone wants to comment on that... :-)


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110310/07beae14/attachment.pgp>


More information about the Gnupg-users mailing list