Hi Daniel, gnupg-users, * Daniel Kahn Gillmor <d...@fifthhorseman.net> [25. Aug. 2010]: > On 08/25/2010 12:18 PM, thomas weidner wrote: >> Some sources on the web suggested leaving a message in the old >> key which states that the key is not used any more. to do this >> i binary edited a gpg files and uploaded the modified old key >> to the keyserver again. the result looked promising: >> http://pgpkeys.pca.dfn.de/pks/lookup?op=vindex&search=0x6260AB5E079E8AA6 >> >> Is this a security risk? I could do this for any key and leave >> wrong messages on the key server which point to some other key. After >> a discussion on #gnupg i was told that gpg will not import the added >> user id because the signature is wrong. while this is great for >> security the key server still shows the user id. is it a bug in the >> key server, that it does not check new data for validity? > > keyservers do no cryptographic verification whatsoever. I think this is > (historically) for several reasons: > > 0) the clients receiving the OpenPGP certificates need to verify the > material anyway, and > > 1) adding the cryptographic checks to the keyservers is a non-trivial > amount of work, and > > 2) there is no guarantee that the keyservers will support any specific > cryptographic protocol. For example, as elliptic curve keys get rolled > out for OpenPGP, what should cryptographic-capable (RSA, DSA, and > ElGamal) keyservers do with such new keys? what should they do with > certifications over old keys made by such keys? And > > 3) With the exception of self-signatures, it's entirely possible that > the keyserver does not have a copy of the issuer's key, and so can't > compute the validity of the signature in the first place.
But the selfsig would be enough to verify the legitimacy of new user ids. > So: is this a cryptographic risk? no, not for clients who verify things > on their own. Doesn't this open a denial of service attack vector on OpenPGPs PKI infrastructure? I could binary edit your key, the key server adds its. Your correspondent is then not able any more to import your key from the server... > Is it a risk of cruft accumulating in the keyservers? > yep. Does it mean you shouldn't trust the information you see published > in a keyserver web page without fetching the keys and verifying them > locally? yes, but that remains true whether or not you believe that the > keyserver is implementing cryptographic checks, as the keyserver itself > could be compromised. > > On balance, i think we should probably start considering adding crypto > to keyservers, with the knowledge of these particular constraints. But > it's not there yet. > > As always, i'd be happy to hear other people's perspectives on this stuff. > > --dkg > > [0] http://tools.ietf.org/html/draft-jivsov-openpgp-ecc-05 > Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
