WKD proper behavior on fetch error

Stefan Claas spam.trap.mailing.lists at gmail.com
Tue Jan 19 17:05:48 CET 2021 

On Tue, Jan 19, 2021 at 2:36 AM Ángel <angel at pgp.16bits.net> wrote:
>
> On 2021-01-17 at 23:43 +0000, Stefan Claas via Gnupg-users wrote:
> > I encountered only one MITM attack a couple of years ago so far, from an
> > SKS user. He was a retired police officer from Austria, who contacted me.
> > But what you say I was thinking about as well. My proposal was to include
> > in the policy file fingerprint(s) of key(s) and generate an .ots file, from
> > opentimestamps.org, from the policy file and put that .ots file somewhere.
> > In the old days it was common, prior starting encrypted comms to compare
> > fingerprints over other channels.
>
> If you can safely publish that ots file, you could as well publish your
> openpgp key in the same place.
>
> And if you are exchanging fingerprints over a separate, secure channel,
> you can use that to directly verify/fetch the key.
>
>
> (It often makes sense to publish it in many redundant ways, but
> strictly it _shouldn't_ be needed)

My thinking is the following, if there would be a consensus for
this by the OpenPGP community, after discussing this, while
currently not breaking the specs, it could be arranged like thisl:

The submitting part of an policy file, containing the fingerprint(s)
can be done even on a compromised online computer, because
the policy file is immediately accepted by opentimestamps.org
and others and then included in the Bitcoin blockchain.

As suggestion, for easy implementation,, for WKD clients,
could be that then the policy.ots file is placed in the same
directory the policy file resides.

A policy file could look like this, with remark lines at the
beginning:

# WKD policy for sac001.github.io
# Maintainer: Stefan Claas, stefan at sac001.github.io
# Updated: current date of last update.
fingerprint #1
fingerprint #2
etc.

A WKD client could then fetch  with an additional --all
parameter all three files and save them in the current working directory,
e.g pub key, policy file and policy.ots, thus allowing a
WKD users to quickly check, if desired, to compare
the downloaded data with the sha256 hash at opentimestamp.org
and others.

To make it for Mallory harder to exchange the whole directory
a WKD user could for example put in his MUA/NUA .signature
file the following:

WOH sha256 hash. instead of gpg pub key availabe at etc.

WOH = WKD-OTS-Hash

And a WKD client could do this as CLI app:

wkd get [--all] alice at example.com

Well, only a proposal.

Best regards
Stefan

More information about the Gnupg-users mailing list