trust paths

Christoph Anton Mitterer calestyo at scientia.net
Sat Feb 28 18:56:13 CET 2015


On Sat, 2015-02-28 at 18:39 +0100, Johan Wevers wrote: 
> OR, in case a key belongs to a well-known person, you've seen it
> mentioned in enough places and seen it used to sign gpg packages to be
> rather certain that if it were a forgery someone would have noticed by
> now and made noise about it.
I'm not sure but I fear you have some deep misunderstanding of
cryptography... or at least that's how I understand your message (but
maybe I confuse something).

"Well-known", "often seen enough" or "not having heard any noise about
it" are absolutely no ways to prove the validity of a key's named
identity.


If there was only one "Werner Koch" on the keyservers, and that key was
signed by thousands of other famous names (Linus Torvalds, and that
like) you still couldn't be sure of anything.
An attacker that MitMs you could just set up a fake web-of-trust in very
little time and when you ask your favourite keyserver, block any of the
"real answers" and instead deliver you his faked key space with all the
mutual signatures and so on.
And you'd think "Only one Werner Koch, with an @gnupg.org email, even
signed by all these other people - that can't be coincidence, some of
the must have checked his ID, and if it was an impostor, I'd surely have
read on heise.de about it" - while in fact no one else than you ever saw
these faked keys.

If the attacker is powerful enough (and this is still way below of what
intelligence agencies can do - rather the level of what your network
provider can do), they can also intercept anything you'd send back to
the web with these forged keys, so they'd truly be never discovered.

Cheers,
Chris.

btw: These kinds of things are just what one can heise accuse of: they
give people an all to easy sight of crypto security, so that they'll
believe things are secure by using one's phone number, or by using
pinning techniques like HPKP.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: </pipermail/attachments/20150228/66bdc18d/attachment.bin>


More information about the Gnupg-users mailing list