On 2015-11-18, at 15:04, Uwe Brauer wrote:

> > That came out wrong, then. Part of my problem would be to figure
> > out the “real” e-mail address of “Ed Snowden”. If you registered
> > the fresh e-mail address “[email protected]” and uploaded a
> > matching key to usual keyservers, then I might fall for that. No
> > special attack skills required.
>
> Correct but this applies to smime and gpg.

I’ll refer to this point below.

> [...]
> > For me as malicious CA (or intruder into a CA) there is no reason to
> > steal the private key as I could generate a certificate with
> > matching private key in your name for your e-mail address, which is
> > “trusted”. Then I could send signed e-mails in your name. That
> > alone might get you into trouble, but you might receive responses
> > that alert you about some ongoing attack. If I was a powerful
> > attacker, able to replace e-mails on the way, I could additionally
> > re-encrypt (modified) responses to your real certificate (or drop
> > messages entirely), and you would never know I was there.
> >
> > If I cannot replace e-mails on the way, I can still send “trusted”
> > signed e-mails in your name and tell the recipients to switch to
> > different e-mail addresses with “trusted” certificates. Then,
> > again, I can re-encrypt responses to your real certificate and
> > e-mail address.
>
> But in all of these scenarios you need to hack the email account. It is
> not sufficient just to use a linux smtpmail server and manipulate the
> form field. You also have to intercept the reply.

No, please re-read the paragraph starting with: “If I cannot replace”

> I don't see much of a difference between
>
> - the pgp scenario: to place a falsified pgp key on a server
>
> - the smime scenario: to crack a smime certificate by breaching a
>   CA (which is more difficult than placing a falsified pgp key).

I agree to your above statement “Correct but this applies to smime and gpg.” Thus, I consider the following attacks to be comparable: Upload some OpenPGP key and register some S/MIME certificate. However, newbies are warned not to trust downloaded OpenPGP keys, while I’m not aware of similar warnings for “trusted” (signed) S/MIME certificates.

> Again the question was is smime easier to use.

No. The question was whether someone on this list uses S/MIME with OpenSSL and would object to a change of defaults to epg.

The current topic is “Trust and public keys.” I changed that in response to your e-mail where you stated: “Keys signed by these authorities have to be trusted 100 %.” The ensuing discussion helped me to see clearer: There are S/MIME certificates that have been issued without checks (except ability to receive e-mail), which I find ridiculous given the goal of certification. The situation is even worse than I thought initially.

Best wishes
Jens

_______________________________________________
info-gnus-english mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/info-gnus-english
