Call me crazy, but ...
Brandon Anderson
brandon753.ba at gmail.com
Thu Jul 15 02:43:40 CEST 2021
>> On 14 Jul 2021, at 23:52, Стефан Васильев via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>
>> It would tell me as 3rd party that for WoT puposes, if this is still used,
>> Alice and her good friend Bob were able to sign their pub keys remotely,
>> based on a free of charge verification method.
> That’s what ordinary third-party sigs do. Adding medical data to a public key does not add anything to the process.
>
> You should also beware that medical information is treated as sensitive personal data under GDPR, and this subject to stricter rules. Keyserver operators already have enough legal issues handling ordinary personal data (email addresses etc) without adding vaccination certificates to the dataset.
>
> A
I would argue what he is proposing doesn't do that at all. It is like
publically posting a password to your google account and telling people
they can verify it is your account by trying to sign in! Once you send
your 'proof of identity,' anyone can make the same claims even if you
are not sharing this on a keyserver. It's made worse by this being
something I expect people will be sharing to prove vaccination, so it
will likely have many potential areas to be copied. If you tell me you
have not shared it with anyone yet, that still means nothing because you
could be impersonating the persons whose QR code you already received
from an earlier exchange. Even if this was not the case, and it indeed
was a verifiable secret never shared with anyone, it does not verify the
identity of the public key owner because it's susceptible to a simple
man-in-the-middle attack.
Assume Bob wishes to prove his ownership of public key pub_bob to Alice.
Bob and Alice are communicating in a way compromised by Eve. Bob affixes
his Vaccine QR code to a public key and transmits it to Alice. On route
to Alice, Eve intercepts the public key, generates a key pair
Pub/Priv_eve, adds bobs QR code to the public key Pub_eve, and sends it
to Alice. Alice sees Pub_eve with Bob's QR code and concludes that
Pub_eve is owned by Bob and signs it as verified.
Again, this is not a secure way to verify identity. Do not do this. It
is considerably worse than just having a public key exchange over the
phone/video call because it gives others a way to impersonate you. If
you wanted to have a video call over the internet and show "proof of
identity" over that call and that was sufficient for you, then fine, but
whatever you do, don't attach your proof of identity to the public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x255837AEF812E87E.asc
Type: application/pgp-keys
Size: 15950 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210714/464e7fb6/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210714/464e7fb6/attachment.sig>
More information about the Gnupg-users
mailing list