TOFU

Peter Lebbing peter at digitalbrains.com
Fri Jun 30 20:35:48 CEST 2017


On 30/06/17 20:01, Stefan Claas wrote:
> Correct. But what i mean was an attacker would replace on of my pub
> keys (which i signed) with one he/she only replaced with one that
> has only the Trust Level set to Ultimate, resulting in both keys
> showing up with a green bar.

And to mitigate this situation, you proposed to colour ultimately trusted keys
differently when they are used to sign a message. You proposed this several
times in different messages.

So let's say your key is A, it's ultimately trusted. And you verified someone's
key and signed it; this is key B. Data signatures by key B show up as valid with
a green background.

Now consider the attacker. You say: he could inject key C, assign ultimate trust
to key C and send me messages signed by key C. They would show up as valid. You
want them to have a different colour.

But instead of that, the attacker could also inject key C into your public
keyring and assign ultimate trust to it, and use this key C to certify another
key D. The attacker then sends messages signed by key D, and since this key is
certified by an ultimately trusted key (C), they will show up as valid with a
green background.

As key A made data signatures by key B valid and green, key C makes data
signatures by D valid and green. The situation is the same.

> 5.2.3.13.  Trust Signature      	Page 30

Let's not get into trust signatures, they are a different beast entirely and not
pertinent to this discussion. It would just make it even more complicated, and
we're having some communication hurdles already. Trust signatures are used to
delegate what you normally do by ownertrust to another person, which is
sometimes used inside organizations.

HTH,

Peter.


-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170630/c522aab7/attachment.sig>


More information about the Gnupg-users mailing list