Re: A problem in the web of trust model or a gnupg bug?

2016-02-26 Thread Tobias Mueller
Hi.

On Do, 2016-02-25 at 08:24 +0100, Werner Koch wrote:
> Thus I am not convinced that the revocation reasons are useful for
> any automated evaluation.
Can I tell GnuPG that I, as a user, am convinced that the superseded
revocation reason is correct?

I've grepped through the gpg man page and only found "superseded" once,
not related to evaluating trust in a key.

Cheers,
  Tobi

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: A problem in the web of trust model or a gnupg bug?

2016-02-25 Thread Werner Koch
On Thu, 25 Feb 2016 00:45, d...@fifthhorseman.net said:

> according to https://tools.ietf.org/html/rfc4880#section-5.2.3.23 :
>
>If a key has been revoked because of a compromise, all signatures
>created by that key are suspect.  However, if it was merely
>superseded or retired, old signatures are still valid.  If the

If the key has been compromised and the attacker assumes that the
legitimate owner of the key is aware of that, the attacker may issue a
revocation certificate with "superseded" reason and claim that a
later arriving "compromised" revocation has been done accidentally.
Thus I am not convinced that the revocation reasons are useful for any
automated evaluation.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: A problem in the web of trust model or a gnupg bug?

2016-02-25 Thread Peter Lebbing
On 25/02/16 00:45, Daniel Kahn Gillmor wrote:
> so the reason for revocation should affect whether signatures made
> before the revocation are worthy of consideration.

Ah, thanks for the rectification!

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: A problem in the web of trust model or a gnupg bug?

2016-02-24 Thread Daniel Kahn Gillmor
On Fri 2016-02-19 08:26:12 -0500, Peter Lebbing wrote:
> I can't reproduce this. A revocation correctly invalidates any
> certifications *both* before or after the moment of revocation. After
> all, the time can be faked.[1]
>
> I tested with no "revocation reason" specified, by the way. But I don't
> think GnuPG uses the revocation reason for anything, although I'm not
> 100% sure.

according to https://tools.ietf.org/html/rfc4880#section-5.2.3.23 :

   If a key has been revoked because of a compromise, all signatures
   created by that key are suspect.  However, if it was merely
   superseded or retired, old signatures are still valid.  If the
   revoked signature is the self-signature for certifying a User ID, a
   revocation denotes that that user name is no longer in use.  Such a
   revocation SHOULD include a 0x20 code.

so the reason for revocation should affect whether signatures made
before the revocation are worthy of consideration.  however, "no reason
specified" should default to the safer/harsher situation, where all
signatures made by that key are no longer considered, regardless of
timestamp.

hth,

   --dkg

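To make dkg's reading of RFC 4880 section 5.2.3.23 concrete, and to show how Werner's objection above (an attacker holding the key can publish a "superseded" revocation first) changes the outcome, here is an added example. It is my own illustration, not code from the thread and not GnuPG's trustdb logic: a parser for the body of the Reason for Revocation subpacket, and a policy function that decides whether a certification survives a revocation. The policy rules, the timestamps and the scenario names are assumptions made for this example; the dates follow Andrea's report further down the thread (revocation on 18 February 2016, certification on 19 February 2016, both GMT), and the comment about pre-generated revocation certificates follows Peter Lebbing's footnote [1].

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum


class RevocationReason(IntEnum):
    """Reason codes from RFC 4880 section 5.2.3.23 (signature subpacket type 29)."""
    NO_REASON = 0x00
    KEY_SUPERSEDED = 0x01
    KEY_COMPROMISED = 0x02
    KEY_RETIRED = 0x03
    UID_NO_LONGER_VALID = 0x20


def parse_reason_for_revocation(body: bytes) -> tuple[int, str]:
    """Parse a Reason for Revocation subpacket body: one code octet followed by
    a UTF-8 human-readable string (subpacket type and length are assumed to
    have been stripped already)."""
    if not body:
        raise ValueError("reason-for-revocation body must contain at least the code octet")
    return body[0], body[1:].decode("utf-8", errors="replace")


def encode_reason_for_revocation(code: int, text: str = "") -> bytes:
    """Inverse of parse_reason_for_revocation; used here to build constructed data."""
    if not 0 <= code <= 0xFF:
        raise ValueError("code must fit in one octet")
    return bytes([code]) + text.encode("utf-8")


@dataclass(frozen=True)
class Revocation:
    timestamp: int      # signature creation time, seconds since the epoch
    reason_code: int
    comment: str = ""


def rejects_all_signatures(code: int) -> bool:
    """dkg's reading of the RFC: a compromise taints every signature the key
    ever made, and 'no reason specified' is treated the same harsh way. Only
    'superseded' and 'retired' let pre-revocation signatures stand; any other
    value (including private-use codes) falls through to the harsh branch."""
    return code not in (RevocationReason.KEY_SUPERSEDED, RevocationReason.KEY_RETIRED)


def signature_is_usable(sig_time: int, revocations: list[Revocation]) -> bool:
    """Policy model (an assumption for this example, not GnuPG's behaviour):
    a certification made at sig_time by a key carrying these revocations
    counts only if the key has no revocation at all, or every revocation is
    superseded/retired AND sig_time precedes the earliest of them.
    Checking *all* revocations rather than the first is Werner's point: the
    harshest reason present must win, so an early 'superseded' cannot mask a
    later 'compromised'. Peter's footnote [1] is the other caveat: a
    revocation certificate generated at key creation carries the creation
    time, so the time-based branch then rejects every certification anyway."""
    if not revocations:
        return True
    if any(rejects_all_signatures(r.reason_code) for r in revocations):
        return False
    earliest = min(r.timestamp for r in revocations)
    return sig_time < earliest


def ts(year: int, month: int, day: int) -> int:
    """UTC timestamp helper; the thread confirms both dates are in GMT."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


# Constructed data modelled on the thread: User one's key revoked on
# 18 February 2016, User three certified on 19 February 2016.
REVOKED_AT = ts(2016, 2, 18)
SIGNED_AFTER = ts(2016, 2, 19)
SIGNED_BEFORE = ts(2016, 2, 10)


def thread_scenarios() -> dict[str, bool]:
    """The cases discussed in the thread, evaluated under the policy above."""
    superseded = Revocation(REVOKED_AT, RevocationReason.KEY_SUPERSEDED, "new key")
    compromised = Revocation(REVOKED_AT + 3600, RevocationReason.KEY_COMPROMISED)
    unspecified = Revocation(REVOKED_AT, RevocationReason.NO_REASON)
    return {
        # Andrea's report: certified the day after revocation -> never acceptable
        "signed_after_superseded": signature_is_usable(SIGNED_AFTER, [superseded]),
        "signed_after_no_reason": signature_is_usable(SIGNED_AFTER, [unspecified]),
        # an old certification survives a mere supersession ...
        "signed_before_superseded": signature_is_usable(SIGNED_BEFORE, [superseded]),
        # ... but not 'no reason' (harsh default) or a compromise
        "signed_before_no_reason": signature_is_usable(SIGNED_BEFORE, [unspecified]),
        "signed_before_compromised": signature_is_usable(SIGNED_BEFORE, [compromised]),
        # Werner's attacker: 'superseded' first, 'compromised' later -> harshest wins
        "attacker_superseded_then_compromised": signature_is_usable(
            SIGNED_BEFORE, [superseded, compromised]),
    }


if __name__ == "__main__":
    code, text = parse_reason_for_revocation(
        encode_reason_for_revocation(RevocationReason.KEY_COMPROMISED, "laptop stolen"))
    print(f"reason 0x{code:02x} ({RevocationReason(code).name}): {text}")
    for name, usable in thread_scenarios().items():
        print(f"{name:40s} usable={usable}")
```

The interesting row is the last one: with only the first revocation considered, the February 10 certification would be accepted under "superseded"; once every revocation on the key is consulted the "compromised" certificate dominates and the certification is rejected, which is the behaviour Werner's objection asks for. Whatever the reason code, the certification dated after the revocation is rejected in every variant, so the reason only ever matters for signatures that predate it.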


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Peter Lebbing
On 19/02/16 19:47, Andrea Dari wrote:
> This time gpg didn't run that command by itself.

Huh. That's odd. I've never observed GnuPG neglecting to update it
automatically when something might have changed.

But I'm glad you figured it out, it was pretty weird.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
Nope, I didn't, now it works!

This time gpg didn't run that command by itself.

Thanks Ingo

Andrea

2016-02-19 19:20 GMT+01:00 Ingo Klöcker :

> On Friday 19 February 2016 15:12:34 Andrea Dari wrote:
> > 1) This is the general situation:
> >
> > http://pastebin.com/NXuJj2h5
> >
> > User one is the user that I fully trust, and has a revocation dated
> > 18 February 2016.
> >
> > 2) Here you can see User one's pbkey details:
> >
> > http://pastebin.com/g2tQKzPN
> >
> > 3) Here you can see that user three is treated with validity = full
> > even though it is signed after the revocation of User one's key.
> >
> > http://pastebin.com/EEGXcNa2
> >
> > Fortunately, this is not a real situation, but I tested it to
> > understand what happened in these cases, because I wasn't able to find
> > any documentation about it.
>
> Did you run "gpg --check-trustdb" after you revoked the key of User one?
>
>
> Regards,
> Ingo
>


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Ingo Klöcker
On Friday 19 February 2016 15:12:34 Andrea Dari wrote:
> 1) This is the general situation:
> 
> http://pastebin.com/NXuJj2h5
> 
> User one is the user that I fully trust, and has a revocation dated
> 18 February 2016.
> 
> 2) Here you can see User one's pbkey details:
> 
> http://pastebin.com/g2tQKzPN
> 
> 3) Here you can see that user three is treated with validity = full
> even though it is signed after the revocation of User one's key.
> 
> http://pastebin.com/EEGXcNa2
> 
> Fortunately, this is not a real situation, but I tested it to
> understand what happened in these cases, because I wasn't able to find
> any documentation about it.

Did you run "gpg --check-trustdb" after you revoked the key of User one?


Regards,
Ingo




Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
I use the default Debian gnupg package config; I have only Andrea Dari's
private key.
I also tested it with gnupg v2.x, but it still has the same problem.

2016-02-19 15:27 GMT+01:00 Peter Lebbing :

> On 19/02/16 15:12, Andrea Dari wrote:
> > 1) This is the general situation:
>
> I don't see why this unexpectedly keeps user three fully valid... it
> looks like you're right and three should be invalid. Do you have any
> funny stuff in gpg.conf? For which of these keys do you have the private
> key installed in this installation of GnuPG? I don't think the latter
> should matter, but it could be useful to know...
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at 
>


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Peter Lebbing
On 19/02/16 15:12, Andrea Dari wrote:
> 1) This is the general situation:

I don't see why this unexpectedly keeps user three fully valid... it
looks like you're right and three should be invalid. Do you have any
funny stuff in gpg.conf? For which of these keys do you have the private
key installed in this installation of GnuPG? I don't think the latter
should matter, but it could be useful to know...

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
1) This is the general situation:

http://pastebin.com/NXuJj2h5

User one is the user that I fully trust, and has a revocation dated
18 February 2016.

2) Here you can see User one's pbkey details:

http://pastebin.com/g2tQKzPN

3) Here you can see that user three is treated with validity = full even
though it is signed after the revocation of User one's key.

http://pastebin.com/EEGXcNa2

Fortunately, this is not a real situation, but I tested it to understand
what happened in these cases, because I wasn't able to find any
documentation about it.


2016-02-19 14:26 GMT+01:00 Peter Lebbing :

> I can't reproduce this. A revocation correctly invalidates any
> certifications *both* before or after the moment of revocation. After
> all, the time can be faked.[1]
>
> I tested with no "revocation reason" specified, by the way. But I don't
> think GnuPG uses the revocation reason for anything, although I'm not
> 100% sure.
>
> Could you show some of the output you get, possibly redacted for privacy?
>
> As a very simple explanation, are you overlooking a different
> certification on the key that is still valid and trusted?
>
> I used GnuPG 2.1.11.
>
> HTH,
>
> Peter.
>
> [1] Other than that, if you revoke a key using the revocation
> certificate you made when the key was created, it will show a revocation
> date equal to the creation date even though you only uploaded the
> certificate years later, for example. Even if only certifications made
> after revocation would be invalidated, that situation would still
> invalidate all revocations, since they're all later than the key
> creation. This is not very relevant to your problem, though, I just
> thought it was an interesting observation.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at 
>


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Peter Lebbing
I can't reproduce this. A revocation correctly invalidates any
certifications *both* before or after the moment of revocation. After
all, the time can be faked.[1]

I tested with no "revocation reason" specified, by the way. But I don't
think GnuPG uses the revocation reason for anything, although I'm not
100% sure.

Could you show some of the output you get, possibly redacted for privacy?

As a very simple explanation, are you overlooking a different
certification on the key that is still valid and trusted?

I used GnuPG 2.1.11.

HTH,

Peter.

[1] Other than that, if you revoke a key using the revocation
certificate you made when the key was created, it will show a revocation
date equal to the creation date even though you only uploaded the
certificate years later, for example. Even if only certifications made
after revocation would be invalidated, that situation would still
invalidate all revocations, since they're all later than the key
creation. This is not very relevant to your problem, though, I just
thought it was an interesting observation.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
Yes, both GMT.

2016-02-19 12:33 GMT+01:00 Andrew Gallagher :

> On 19/02/16 10:25, Andrea Dari wrote:
> > Hi,
> >
> > In my public keyring I have a public key signed on 19 February 2016
> > by a user (pbkey) that I trust fully, but the same pbkey of the user
> > that I trust was revoked on 18 February 2016.
>
> Are both dates in GMT?
>
> A
>
>


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
Yes, both GMT.

Andrea

2016-02-19 12:33 GMT+01:00 Andrew Gallagher :

> On 19/02/16 10:25, Andrea Dari wrote:
> > Hi,
> >
> > In my public keyring I have a public key signed on 19 February 2016
> > by a user (pbkey) that I trust fully, but the same pbkey of the user
> > that I trust was revoked on 18 February 2016.
>
> Are both dates in GMT?
>
> A
>
>


Re: A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrew Gallagher
On 19/02/16 10:25, Andrea Dari wrote:
> Hi,
> 
> In my public keyring I have a public key signed on 19 February 2016
> by a user (pbkey) that I trust fully, but the same pbkey of the user
> that I trust was revoked on 18 February 2016.

Are both dates in GMT?

A





A problem in the web of trust model or a gnupg bug?

2016-02-19 Thread Andrea Dari
Hi,

In my public keyring I have a public key signed on 19 February 2016 by
a user (pbkey) that I trust fully, but the same pbkey of the user that I
trust was revoked on 18 February 2016.

So the question is, how can it be possible that a pbkey signed after a key
revocation, which could easily be done by a malicious user, is treated by
gnupg as fully valid?

This, in my opinion, should break the chain of trust for keys signed after
a key revocation.

A possible solution could be to change the trust of the revoked key from
full to untrusted, but in that case all the keys signed before the
revocation will be treated as validity unknown, which is not what a user
would want.

Thanks to those who want to respond.

Andrea