[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS everywhere!

On Sat, 2014-06-21 at 03:41 +0200, Matthias Urlichs wrote:
> Christoph Anton Mitterer: 
> > In OpenPGP you have the additional problems that:
> > - at least until know communication with the keyservers is usually
> > unsecured: so not only the keyserver operator can attack you, but anyone
> > else that can MitM.
> Fortunately, that only matters when checking for revocations.
> One cannot MitM themselves into the web of trust.
Sure... what I wrote was completely about revocations...
An attacker could of course conceal keys or signatures (or other packets
on them) completely... but these would only result in DoS kind attacks -
nothing which is really a security problem in that case here.

> This is an advantage.  The pool keyservers talk to each other, after all.
> Thus, if somebody really wants to block a key's revocation, they have to
> MitM themselves into their target's path to all of them.
Nah... I don't agree... at least not necessarily.

It would be a subtle advantage, if OpenPGP implementations would SEND
revocation certificates to multiple keyservers (to make sure that it
really goes through the network)... AND if OpenPGP implementations would
also CHECK multiple servers for revocation certificates... hoping to get
at least one that is trustworthy.
But AFAIK, this is not yet the case... and it only solves the problem
the someone might tamper with parts of the keyserver network (e.g. not
actually forwarding your submitted revocation certificate)... it still
doesn't solve the problem that someone between a client (e.g. gnupg) and
the server might tamper with any submitted or retrieved revocation
certs, which I think is right now only possible via https or hkps.

But this gives you again the problem of having X.509... either some
commercial CA, which we cannot trust,... some self-signed cert or one
signed by a "private" CA (like mine:
https://a.keyserver.pki.scientia.net:8443/) or using the
"sks-keyservers.net CA" run by Kristian Fiskerstrand (like
https://a.keyserver.pki.scientia.net/) ... but again,.. you can neither
trust me, nor Kristian nor any of the guys which Kristian gave a
certificate (anybody gets one).

So the "best" thing you can do is:
- operate your own keyserver, peering with as many other keyservers as
- if you actually revoke your key, submit it to as many keyservers as


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: