Re: TOFU for GnuPG

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Friday 30 October 2015 at 12:09:51 PM, in
, Neal H. Walfield wrote:



> The user ids are used.  These are authorative.  If
> there are N user ids, then N bindings are maintained.

Presumably if no user-id contains a readable email address, no binding
is stored at all.



- --
Best regards

MFPA  

Reality is nothing but a collective hunch.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJWOMWoXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwCvkIAIleMBEeFtnLDizhbWL+U3lZ
iuw/1MFvlXPxI88R45p8u7c2DyYKII78jIGL2JbJBuaE/cJ/kc/WFsArGP+lO53W
YU+7etSFyIMr15Ykn/VxgfS5hqqDLwJ5XGoxs8BHV35XZAu9SjeS+IszEDJBQ5Er
0OdlVGwTTCe+a2eGbkrv8sCy6t4b92WrvW6ag+XDYlvDNugh3w4ThXujqNvldG6r
IdW54XZNnnFjjrQwUTCh5L4lM1A87RlhEJSXLyReJ/czVYJTSO9bUvplPayzv3Qe
uuNJ69Kr2YD16e6/6yrXKkkkfP+RrlYUmhDSEREXwRbCSjay8LspUdNemd+wRaOI
vgQBFgoAZgUCVjjFrV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AsVAP9GUe9libeqGSVR/ZsCO1VJ7qaQ
070CM1961MKO8UdXCAD/eH9JEuNZthJMZAqW9JaWq69kMYb1RqJs7w6+BNZFPAo=
=XoMO
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Andre Heinecke]

Hi Neal,

On Tuesday 03 November 2015 15:57:05 Neal H. Walfield wrote:
> > I don't fully understand why you need formalized transition statements.
> > Couldn't you just treat Key / UIDs that are signed by each other as "two
> > valid keys for this UID"?
> > 
> > So when I transition to another key I just sign it with the old key and
> > GnuPG can detect that and not show a warning about it?
> > 
> > This would also solve the problem that some users may have multiple keys
> > with the same UID's which are both valid.
> 
> This could work if both keys are available locally.  If you need to
> look up the new key, this is not so easy.

Don't we need to lookup the new key anyway to make validity decisions? Until 
then we assume "Unknown" trust.

Well I can see that one of the features of Tofu is that Unknown trust should 
no longer be presented to users but in that case we could add auto-key-
retrieve? :-)

> Another problem is that this assumes that the new key has the exact
> same user ids.  Oftentimes some emails will have been dropped or the
> person's name changed (e.g., marriage, new title, etc.).

You have lost me here. Why does it assume that? 

- I send you lots of mails as aheine...@intevation.de signed with C97822F5
- Now I send you once a mail as aheine...@intevation.de signed with 58BD45EC 

-> You can check if C97822F5 signed the User ID aheine...@intevation.de on key 
58BD45EC. It has. So you can assume the new Key is also valid for that UID.

Any new UID's on this key will have to be treated as first contact ID's. If the 
new key has less UID's I don't see a problem at all.

Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Tuesday 3 November 2015 at 2:38:04 PM, in
, Neal H. Walfield wrote:


> In this case, we store the whole user id (lower cased).
> Only if the user id is the empty string do we not store
> a binding.


How will TOFU react if a key for which bindings are already stored
acquires a new UID?


- --
Best regards

MFPA  

The trouble with words is that you never know whose mouths they've been in.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJWONBuXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwHZgIAJyf6mWrWI2b8QiAvyfWBq7L
5yM/jB3VzN7aWMeRndRzfipTsqT/mzsdea5bGgBDetxHgPlHjSyTPuSeifEglqft
wFwiQR1pISUuHsom/HTkiymZqUr+EJCnbQAFVjhX0FoWm78iXnKNhRMP9qhtKuo8
FayHf+VMQUyWxGdVOVSSWfadge2qRLli2sEapwULbxj3sf9hY8V6j0f4HEcfu3cG
BTgfg4JpywrCKhIpEjSnsZWXZ99EKLkB9KGPktvD9sPSEoIQEU7atWzqF/+RYIyB
q/yNmV7NXniZVgvFI9zR0P6xUBzU5ZY705anafUX4J4mqwyyzBWd6ikHgSJnbu6I
vgQBFgoAZgUCVjjQdV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45ORNAQDYPEHUMsWGXo5fnSpQ/aOi6SoA
m5UiHu/rQZE2ZQM9qgEAp3k+JhqGrLfEsL5u8taOk10x6W8nUXqC5A2K01EBGgE=
=gIRv
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Tuesday 3 November 2015 at 3:29:02 PM, in
, Neal H. Walfield wrote:


> The bindings are between user id and key.  So, a new
> binding will be created.

Will it flag up to the user that it is creating a new binding for a
known key? Or will there only be a prompt in the case that the new uid
matches one already stored in a binding to a different key?


- --
Best regards

MFPA  

Of course it's a good idea - it's mine!
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJWONSiXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwsF0H/2+mgi3ziNoZjQQ1SC0PRGoX
JFKS4K2Q8YurNmCwJHVgMbNxvJDRKHngtJwtVvmcGTxSQQqtNM62SaoWJI3ecCBg
t3YoKjf2PRcRJZiKmbNIEWZtIHserykjVtq5dXQYf/1AmxyVuUfgtRDw++e7swqN
OO9q7CDTBDAQR8q1FLkGDHBJTrw3OBDdhxbNTv6FfaysNruAZqql7Od4VszhOfhK
lMuSZBF/UtNyRiPj3rANN4Ske0vhbc25EBy11KZy1D54QqI3Ou+hCVALordSvos4
KZYYwgOdVFSUFsEyw9y4Ah+xrnusWBUwrDjE906e34OVm+LEShgua3Qr9c/sqYiI
vgQBFgoAZgUCVjjUol8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45FfvAQCmZYAypnKeGWV9ECEc7ztM7Bi3
BkWCXZ/8wQpmNRQyZgEAhefHRAmNIR9esTrgiNSmrtmDsdkjHNJn7UShfdEqbAw=
=zKox
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Neal H. Walfield]

At Tue, 3 Nov 2015 15:37:06 +,
MFPA wrote:
> On Tuesday 3 November 2015 at 3:29:02 PM, in
> , Neal H. Walfield wrote:
> 
> 
> > The bindings are between user id and key.  So, a new
> > binding will be created.
> 
> Will it flag up to the user that it is creating a new binding for a
> known key? Or will there only be a prompt in the case that the new uid
> matches one already stored in a binding to a different key?

It will only flag an error if there is a conflict.

Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Neal H. Walfield]

At Tue, 3 Nov 2015 15:18:57 +,
MFPA wrote:
> On Tuesday 3 November 2015 at 2:38:04 PM, in
> , Neal H. Walfield wrote:
> 
> 
> > In this case, we store the whole user id (lower cased).
> > Only if the user id is the empty string do we not store
> > a binding.
> 
> 
> How will TOFU react if a key for which bindings are already stored
> acquires a new UID?

The bindings are between user id and key.  So, a new binding will be
created.

Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Neal H. Walfield]

At Tue, 03 Nov 2015 16:10:24 +0100,
Andre Heinecke wrote:
> Don't we need to lookup the new key anyway to make validity decisions? Until 
> then we assume "Unknown" trust.

In the verify case, yes.  But what about the sign case?  We just see
that the old key has been revoked, but we don't know what the new key
is.

Thanks,

:) Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Neal H. Walfield]

Hi,

At Tue, 03 Nov 2015 16:56:27 +0100,
Andre Heinecke wrote:
> On Tuesday 03 November 2015 16:34:39 you wrote:
> > At Tue, 03 Nov 2015 16:10:24 +0100,
> > 
> > Andre Heinecke wrote:
> > > Don't we need to lookup the new key anyway to make validity decisions?
> > > Until then we assume "Unknown" trust.
> > 
> > In the verify case, yes.  But what about the sign case?  We just see
> > that the old key has been revoked, but we don't know what the new key
> > is.
> 
> I assume you mean the encrypt case (I don't see how this affects sign)? But 
> still I don't see a problem there. If you don't have a valid key to encrypt 
> to. You need to get a different key. How is the trust model involved in that?
> 
> Once you have that new key you can do the UID / Signature checks I suggested.

You're correct, I meant the encrypt case.

Let's say you want to send an email to Alice and she has revoked her
key.  Best practice dictates that you should run something like
Parcimonie to keep your keyring up to date.  So, let's assume that
Parcimonie has also updated Alice's key.  Now, when you try to encrypt
an email to Alice, GnuPG won't let you, because the key is revoked.
The question then becomes: how do you discover her new key?  If we had
a machine readable field, as I propose, GnuPG could tell you the new
key id and even automatically fetch it for you.  If we are using
signature cross checking, then GnuPG can't help the user, because the
new key is necessarily available locally.

Note: the trust model is not relevant here.  The issue of determining
the new key is only relevant insofar as the TOFU code can suppress
spurious conflict messages if it has this information.

Thanks,

:) Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating 4096 bit key fails – why?

[NIIBE Yutaka]

On 11/02/2015 06:40 PM, Felix E. Klee wrote:
> On Mon, Nov 2, 2015 at 3:04 AM, NIIBE Yutaka  wrote:
>> It failed when gpg frontend tried to change the key attribute for
>> RSA-4096.
>>
>>> […]
>>
>> Do you happened to have (and run) old scdaemon of 2.0?
> 
> Unfortunately that doesn’t seem to be the explanation. After starting
> `gpg --card-edit`, I checked which version is running, and it’s 2.1.9:

Thank you.  It found it's my mistake.

I reproduced this bug in my environment.  I don't know the reason why
it worked well for me, perhaps I tested with spare space between
arguments when I did with gpg-connect-agent.

Here is a fix.  It will be in the next release.

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c5a9fedba66361ddd9f596528882750068543298
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Neal H. Walfield]

Hi Andre,

At Fri, 30 Oct 2015 13:23:14 +0100,
Andre Heinecke wrote:
> On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote:
> > At Thu, 29 Oct 2015 18:48:43 +0100,
> > 
> > Johannes Zarl-Zierl wrote:
> > > Out of curiosity: Does the TOFU implementation for gpg already allow for
> > > key transition statements / is this planned for some point in the future?
> > Unfortunately, it doesn't.  This is because there is currently no
> > standard way to communicate the id of the new key.  I've proposed a
> > solution for this for the next OpenPGP version, which is currently
> > being work on.  There appears to be some interest, but unfortunately I
> > haven't had time to work on that recently.
> 
> I don't fully understand why you need formalized transition statements. 
> Couldn't you just treat Key / UIDs that are signed by each other as "two 
> valid 
> keys for this UID"?
> 
> So when I transition to another key I just sign it with the old key and GnuPG 
> can detect that and not show a warning about it?
> 
> This would also solve the problem that some users may have multiple keys with 
> the same UID's which are both valid.

This could work if both keys are available locally.  If you need to
look up the new key, this is not so easy.

Another problem is that this assumes that the new key has the exact
same user ids.  Oftentimes some emails will have been dropped or the
person's name changed (e.g., marriage, new title, etc.).

Thanks,

:) Neal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: TOFU for GnuPG

[Andre Heinecke]

Hi,

On Tuesday 03 November 2015 16:34:39 you wrote:
> At Tue, 03 Nov 2015 16:10:24 +0100,
> 
> Andre Heinecke wrote:
> > Don't we need to lookup the new key anyway to make validity decisions?
> > Until then we assume "Unknown" trust.
> 
> In the verify case, yes.  But what about the sign case?  We just see
> that the old key has been revoked, but we don't know what the new key
> is.

I assume you mean the encrypt case (I don't see how this affects sign)? But 
still I don't see a problem there. If you don't have a valid key to encrypt 
to. You need to get a different key. How is the trust model involved in that?

Once you have that new key you can do the UID / Signature checks I suggested.


Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users