TOFU

Stefan Claas stefan.claas at posteo.de
Wed Jun 21 20:30:49 CEST 2017


On Wed, 21 Jun 2017 19:02:26 +0200, Peter Lebbing wrote:
> On 08/06/17 22:33, Stefan Claas wrote:
> > I did a test today with Enigmail and with TOFU in command line mode.
> > I posted 3 messages with a fantasy name to a Usenet test group where
> > the 3rd message was signed with a fake key and Enigmail showed me
> > this:
> > 
> > UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
> > Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:07
> > 
> > UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
> > Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:08
> > 
> > UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
> > Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:17
> > 
> > (It's the usual message under macOS with the blue bar. Note: with
> > auto key retrieval on.)
> > 
> > Then I downloaded all messages, ran them through GnuPG, and on the
> > first message TOFU already told me that there are 3 equal email
> > addresses!  
> 
> I don't understand what you mean by "there are 3 equal email
> addresses". I don't know what you expected either. But I spent some
> time doing a little test of my own. Hopefully by reading along with
> what I did, it becomes clear how stuff works and to what extent
> Enigmail can already work with TOFU even though it doesn't really
> support it.
> 
> TL;DR: Enigmail can correctly identify "genuine" signatures by
> awarding them a green bar with "Good signature". Fakes can be spotted
> by the fact they only get the blue "UNTRUSTED Good signature".

[snip]

> I hope this has given you some more insight into how it works!

What I mean with my example is: as you can see, there are 3 messages
with the same email address "em at example.com". The third message was
signed with a key having a fake 32-bit key ID, which was generated
with scallion.

Technically speaking, Enigmail showed all three messages as "UNTRUSTED
Good signature from Ernst Mustermann" etc., because I had not signed
the first key locally, which would have given the first two messages a
green bar in Enigmail.

Had I used TOFU in CLI mode, then of course TOFU would have detected
that the third message was not signed with the first key, the one used
for the previous two messages.

What I also mean with this example is that if people do not locally
sign a key after the second message from people they do not know
personally, they may be in for a surprise in Enigmail when receiving
the third message.

This assumes auto-key-retrieve is on. Sure, when replying to the third
message the user may be warned, because now he/she should have two
public keys in his/her keyring.

To be fair, Ludwig announced the update to 64-bit key IDs in Enigmail,
so this issue should be gone by then.

Regards
Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: Digitale Signatur von OpenPGP
URL: </pipermail/attachments/20170621/8ab3b8cd/attachment.sig>
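As an added illustration of the distinction drawn in the exchange above (this is example code written for this page, not code from the thread, from GnuPG or from Enigmail): a trust-on-first-use store that remembers which full fingerprint has signed for an email address flags the third message as a conflict, while a display that shows only the low bits of the fingerprint (the 32-bit key ID) cannot tell the genuine key and the forged one apart. Everything here is constructed: the "fingerprints" are SHA-1 over arbitrary bytes rather than over a real OpenPGP key packet, the names and key material are made up, and the brute-force search is run for a 16-bit suffix (4 hex digits) instead of the 32 bits a tool like scallion targets, purely so the demo finishes in well under a second. The helper names (`toy_fingerprint`, `forge_matching_suffix`, `TofuStore`, `run_demo`) are this example's own, not GnuPG API.

```python
"""Added example (not from the mailing-list thread, GnuPG or Enigmail):
TOFU keyed on the full fingerprint vs. a UI that shows only a short key ID."""
import hashlib

# All names, key material and "fingerprints" below are constructed for this demo.


def key_id(fpr, hex_digits=8):
    """Key ID as a UI would show it: the last hex_digits of the fingerprint
    (8 digits = 32-bit key ID, 16 digits = 64-bit key ID)."""
    return "0x" + fpr[-hex_digits:].upper()


def toy_fingerprint(material):
    """Stand-in for an OpenPGP v4 fingerprint (SHA-1 over the public key
    packet). Here SHA-1 is taken over arbitrary bytes so the search below
    stays cheap; the structure (short ID = low bits of the hash) is the same."""
    return hashlib.sha1(material).hexdigest()


def forge_matching_suffix(target_fpr, hex_digits, prefix=b"fake-key-"):
    """Brute-force key material whose toy fingerprint ends in the same
    hex_digits as target_fpr. Expected cost is 16**hex_digits attempts:
    4 digits is instant in Python, 8 digits (a 32-bit key ID) is a GPU job
    like scallion's, 40 digits (the full fingerprint) is out of reach."""
    want = target_fpr[-hex_digits:]
    i = 0
    while True:
        cand = toy_fingerprint(prefix + str(i).encode())
        if cand.endswith(want):
            return cand, i
        i += 1


class TofuStore:
    """Minimal trust-on-first-use store: email -> fingerprints seen so far.
    Mirrors the idea behind GnuPG's TOFU binding database, not its format."""

    def __init__(self):
        self.bindings = {}

    def verify(self, email, fpr):
        seen = self.bindings.setdefault(email, [])
        if fpr in seen:
            return "good"        # known binding, same key as before
        seen.append(fpr)
        if len(seen) == 1:
            return "new"         # first use: accept and remember
        return "conflict"        # a different key now signs for this address


def run_demo(hex_digits=4):
    """Replay the three-message scenario: two genuine signatures, then one
    from a forged key whose short ID matches. Returns the verdicts and
    what a short-ID-only display would show."""
    email = "em@example.com"
    genuine = toy_fingerprint(b"Ernst Mustermann genuine key (constructed)")
    fake, attempts = forge_matching_suffix(genuine, hex_digits)

    store = TofuStore()
    verdicts = [store.verify(email, f) for f in (genuine, genuine, fake)]

    return {
        "genuine": genuine,
        "fake": fake,
        "attempts": attempts,
        "same_key_id": key_id(genuine, hex_digits) == key_id(fake, hex_digits),
        "verdicts": verdicts,           # expect ["new", "good", "conflict"]
    }


if __name__ == "__main__":
    r = run_demo()
    print("genuine fingerprint :", r["genuine"])
    print("forged  fingerprint :", r["fake"], f"(found after {r['attempts']} tries)")
    print("short IDs identical :", r["same_key_id"])
    print("TOFU verdicts       :", r["verdicts"])
```

The `verdicts` list is the CLI-side behaviour Stefan describes: first message "new", second "good", third "conflict" because a second fingerprint now claims the same address. `same_key_id` is the Enigmail-side problem: with only the low bits on screen, and no local signature on the first key, all three messages look alike. Widening the displayed ID to 64 bits raises the forgery cost from 2^32 to 2^64 attempts; keying the trust decision on the full fingerprint, as TOFU does, removes the shortcut altogether.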


More information about the Gnupg-users mailing list