Houston, we have a problem

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 21 23:05:35 CEST 2017


On Thu 2017-09-21 22:37:38 +0200, Stefan Claas wrote:
> I'm sorry! Let me say one last word. If I would be a programmer of
> software like GnuPG, my software would not allow to receive unwanted
> signatures on my pub key

The way the universe works is that once data is public, other data might
refer to that public data, and even the person who created the first bit
of data can't prevent it.

An OpenPGP certificate is, at minimum:

 * a public primary key K
 * a User ID U
 * a signature from K that binds U to K

Once this data is published, anyone with a different key X can make a
new certification, which also claims that U is correctly bound to K.
This is what "signing a key" means.

Your choice of software implementation can't prevent those third-party
certifications from being produced, nor from being published, nor can it
prevent other people's software from discovering them and making
inferences based on them.

There are some good (and some bad) arguments that software capable of
interpreting OpenPGP certificates should only accept third-party
certifications that the first-party (the party being certified) has
explicitly endorsed, which might come close to meeting your requirement
here.  But no one has spec'ed out exactly how to do that or written such
a constraint, and existing OpenPGP software will continue to exist even
if new (improved) software is developed and distributed.

> nor would it allow that someone else can fake a sig on someone else's
> pub key with my key-id.

If by "key-id" you mean your actual public key, then the cryptography
behind OpenPGP does actually enforce this already.  It's not believed to
be possible to forge an OpenPGP signature from any reasonably strong
modern OpenPGP key.

If by "key-id" you mean the 32-bit long thing like "D21739E9", then
there's no way to cryptographically secure that -- it's just too
low-entropy.  I've written elsewhere about why key ids are bad:

    https://debian-administration.org/users/dkg/weblog/105

Hope this helps to clear things up,

     --dkg
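
An added example, not part of the original message and not GnuPG code: it shows that a key ID is only the low-order bits of the V4 fingerprint (RFC 4880, section 12.2), detects entries in a keyring that share a short key ID, and selects keys by full fingerprint only. The fingerprints and all function names are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import defaultdict

# Constructed fingerprints (not real keys): A and B share the same 32-bit key ID.
FPR_A = "1" * 32 + "DEADBEEF"
FPR_B = "2" * 32 + "DEADBEEF"
FPR_C = "3" * 32 + "00C0FFEE"
KEYRING = [FPR_A, FPR_B, FPR_C]

def v4_fingerprint(packet_body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte big-endian length, then the public-key packet body."""
    framed = b"\x99" + struct.pack(">H", len(packet_body)) + packet_body
    return hashlib.sha1(framed).hexdigest().upper()

def key_id(fingerprint: str, bits: int) -> str:
    """A key ID is the low-order bits of the fingerprint (64 = long, 32 = short)."""
    return fingerprint[-(bits // 4):]

def ambiguous(keyring, bits):
    """Map every key ID shared by more than one distinct fingerprint to those fingerprints."""
    groups = defaultdict(set)
    for fpr in keyring:
        groups[key_id(fpr, bits)].add(fpr)
    return {kid: sorted(fprs) for kid, fprs in groups.items() if len(fprs) > 1}

def resolve(keyring, identifier):
    """Select a key by full 160-bit fingerprint only; key IDs are rejected."""
    wanted = identifier.replace(" ", "").upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]
    if len(wanted) != 40 or any(c not in "0123456789ABCDEF" for c in wanted):
        raise ValueError("refusing a key ID; supply the full fingerprint")
    return wanted if wanted in keyring else None

def keys_for_even_odds(bits: int) -> int:
    """Birthday bound: how many random keys give about a 50% chance of two sharing an ID."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** bits))

if __name__ == "__main__":
    print("shared short IDs:", ambiguous(KEYRING, 32))
    print("shared long IDs: ", ambiguous(KEYRING, 64))
    print("keys for a likely chance clash of 32-bit IDs:", keys_for_even_odds(32))
```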


More information about the Gnupg-users mailing list