TOFU

Stefan Claas stefan.claas at posteo.de
Fri Jun 30 20:01:50 CEST 2017


On Fri, 30 Jun 2017 18:38:45 +0200, Peter Lebbing wrote:

> Somebody could put their own public key in your keyring, assign that
> Ultimate trust, and then certify another public key they wish to pop
> up as valid. Ultimately trusted keys make other keys valid by their
> certification. There is no way to see any difference between a key
> that is fully valid because your own ultimately trusted key signed it
> or because the attacker's ultimately trusted key signed it. And since
> the ultimately trusted key of the attacker isn't the one doing data
> signatures, your "alternative colour" will not trigger.

Correct. But what I mean was an attacker would replace one of my pub
keys (which I signed) with one he/she only replaced with one that
has only the Trust Level set to Ultimate, resulting in both keys
showing up with a green bar.

According to (I'm no programmer) RFC 4880 OpenPGP Message Format:

https://tools.ietf.org/html/rfc4880

5.2.3.13. Trust Signature (page 30)

5.10. Trust Packet (Tag 12) (page 47)

Those are imho two different things and therefore should not be
handled with the same color output.

Regards
Stefan
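One defensive check for the concern raised in this thread, added here as an example and not code from the thread or from GnuPG: parse the output of `gpg --export-ownertrust` (one `<fingerprint>:<trust>:` line per key, where trust value 6 means ultimate) and report any key that carries ultimate ownertrust but is not one of your own keys. The fingerprints below are constructed placeholders, and the `MY_FINGERPRINTS` allow-list is a hypothetical name you would fill with your own key fingerprints.

```python
"""Audit GnuPG ownertrust for ultimate assignments you did not make.

Input is the format of `gpg --export-ownertrust`:
    <fingerprint>:<trust>:     (2=undefined 3=never 4=marginal 5=full 6=ultimate)
Lines starting with '#' are comments emitted by gpg and are skipped.
"""
import subprocess

ULTIMATE = 6
TRUST_NAMES = {2: "undefined", 3: "never", 4: "marginal", 5: "full", 6: "ultimate"}

# Fingerprints of keys you actually own (constructed placeholders for this example).
MY_FINGERPRINTS = {"0123456789ABCDEF0123456789ABCDEF01234567"}

# Constructed sample output: one own key (6), one full-trust key (5),
# and one key somebody else marked ultimate (6) that is not ours.
SAMPLE = """# List of assigned trustvalues, created 2017-06-30
0123456789ABCDEF0123456789ABCDEF01234567:6:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:5:
FEDCBA9876543210FEDCBA9876543210FEDCBA98:6:
"""


def parse_ownertrust(text):
    """Return {fingerprint: trust_value} from --export-ownertrust style text."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fpr, trust, *_ = line.split(":")
        result[fpr.upper()] = int(trust)
    return result


def unexpected_ultimate(trust_map, own_fprs):
    """Fingerprints with ultimate ownertrust that are not in your own-key list."""
    own = {f.upper() for f in own_fprs}
    return sorted(f for f, t in trust_map.items() if t == ULTIMATE and f not in own)


def audit_live_keyring(own_fprs):
    """Run the check against the local gpg trust database."""
    out = subprocess.run(["gpg", "--export-ownertrust"], check=True,
                         capture_output=True, text=True).stdout
    return unexpected_ultimate(parse_ownertrust(out), own_fprs)


if __name__ == "__main__":
    for fpr in unexpected_ultimate(parse_ownertrust(SAMPLE), MY_FINGERPRINTS):
        print(f"WARNING: {fpr} has {TRUST_NAMES[ULTIMATE]} ownertrust but is not your key")
```

Any fingerprint the script reports can make other keys show as fully valid through its certifications, exactly the situation described above, so it deserves a look with `gpg --edit-key` before you rely on the green bar.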
