Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Signing everything, for fun and for profit
Date: Sat, 20 May 2006 20:53:28
Message-Id: 20060520204707.GB19246@curie-int.vc.shawcable.net
In Reply to: Re: [gentoo-dev] Signing everything, for fun and for profit by "Jan Kundrát"
1 On Sat, May 20, 2006 at 03:21:13PM +0200, Jan Kundr?t wrote:
2 > I don't know much about cryptography, but could you please elaborate on
3 > why is using one subkey for all the stuff considered a Bad Thing?
4 The basic form of it, is a vulnerability towards a class of attacks that
5 require a large supply of signed/encrypted material.
6 For a primer on various modes of using block ciphers, see
7 Wikipedia: http://tinyurl.com/bbcmf
8
9 It's conceivable that (and this is the absolute worst case), under this
10 class of attack, a lot of signing may ultimately reveal bits of your
11 key, because the attacker has both the plaintext and ciphertext, and can
12 ultimately compute it - this can either be brute-force, or
13 mathematically (consider it solving algebra).
14
15 > Off-topic question - I've already met Alice, verified her identity,
16 > signed her keys and now she wants me to sign her new subkey with same
17 > name, e-mail etc because the old one has expired. Alice lives in Canada
18 > so I can't meet her easily. Should I sign it again with the same level
19 > of "trust"?
20 I think you missed something in my original email, namely that you don't
21 sign subkeys, you sign uids.
22
23 Since uids don't expire that part is irrelevant, but they can be revoked
24 - then this becomes the same as bob's case below.
25
26 Note:
27 Unless you are using the 'tsign' command under GnuPG, the trust question
28 it asks you is only for it's local database, and is NOT included with
29 the exported keys that are sent to keyservers or other users. So let's
30 assume you are using tsign as well.
31
32 > Another situation - Bob, Alice's boyfriend, lives in Canada. I've met
33 > him before, verified his identity and signed his subkey for
34 > bob@××××××.com. Now he wants my signature for bob@×××××××.org. Should I
35 > sign it?
36 Actual answer:
37 You'll need to rely on your discretion a bit, but you can narrow down
38 the possibilities for attacks by following a specific process (and there
39 is a package that makes this much easier, but it's only available in
40 Debian's SVN at the moment http://tinyurl.com/ggueq).
41 0. Bob sends you a request about his new uid, signed with his key that
42 you can verify.
43 1. Sign the new uid, and export the uid signature to a file.
44 2. Delete the signature from your keyring, you don't want it trusted yet
45 (you can avoid this is you have a temp clone of your keyring).
46 3. Send Bob an encrypted email, with the uid signature file attached.
47 4. Bob needs to be able to decrypt the email using his GnuPG - thus
48 associating the email address listed in his key with his key - if she
49 can't decrypt the email - she's an imposter that has taken over the
50 email account.
51
52 --
53 Robin Hugh Johnson
54 E-Mail : robbat2@g.o
55 GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

Replies

Subject Author
Re: [gentoo-dev] Signing everything, for fun and for profit Paul de Vrieze <pauldv@g.o>