issues with OpenPGP certificate verification
Daniel Kahn Gillmor
dkg-debian.org at fifthhorseman.net
Mon Apr 21 17:30:57 CEST 2008
Hey Folks--
I just opened a couple tickets concerning what appear to be serious
problems with GnuTLS's OpenPGP certificate verification:
* gnutls-cli continues connection when certificate User ID does not
match hostname (even without --insecure):
http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/31
This is equivalent to accepting a valid TLS certificate from
https://evil.com/ even though the connection was made to
https://good.com/
* gnutls will accept an unsigned UserID as a hostname match as long
as some signed UserID exists:
http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/32
This appears to be a problem with the way that the library offers
information about the UserIDs in the OpenPGP certificates. Since
each UserID in an OpenPGP cert can be signed by 0 or more keys
(other than the primary key), there needs to be a way to check the
validity of specific UserIDs, not just the certificate as a whole.
As usual, if you want more details, just post to the tickets, and i'll
provide whatever help i can.
I'm excited to see the library offering OpenPGP features for TLS, but
these problems are significant security concerns. i want to make sure
that the first major implementation of this extension is secure!
Thanks for all the work on this,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080421/de6ca473/attachment.pgp>
More information about the Gnutls-devel
mailing list