From: Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
To: info-gnus-english@gnu.org
Subject: Re: Trust and public keys
Date: Thu, 19 Nov 2015 18:05:00 +0100 [thread overview]
Message-ID: <87h9khex8j.fsf@informationelle-selbstbestimmung-im-internet.de> (raw)
In-Reply-To: <87fv03mjrp.fsf@mat.ucm.es> (Uwe Brauer's message of "Wed, 18 Nov 2015 15:04:10 +0000")
On 2015-11-18, at 15:04, Uwe Brauer wrote:
> > That came out wrong, then. Part of my problem would be to figure
> > out the “real” e-mail address of “Ed Snowden”. If you registered
> > the fresh e-mail address “ed.snowden@gmail.com” and uploaded a
> > matching key to usual keyservers, then I might fall for that. No
> > special attack skills required.
>
> Correct but this applies to smime and gpg.
I’ll refer to this point below.
> [...]
> > For me as malicious CA (or intruder into a CA) there is no reason to
> > steal the private key as I could generate a certificate with
> > matching private key in your name for your e-mail address, which is
> > “trusted”. Then I could send signed e-mails in your name. That
> > alone might get you into trouble, but you might receive responses
> > that alert you about some ongoing attack. If I was a powerful
> > attacker, able to replace e-mails on the way, I could additionally
> > re-encrypt (modified) responses to your real certificate (or drop
> > messages entirely), and you would never know I was there.
>
> > If I cannot replace e-mails on the way, I can still send “trusted”
> > signed e-mails in your name and tell the recipients to switch to
> > different e-mail addresses with “trusted” certificates. Then,
> > again, I can re-encrypt responses to your real certificate and
> > e-mail address.
>
> But in all of these scenarios you need to hack the email account. It is
> not sufficent just to use a linux smptmail server and manipulate the
> form field. You also have to intercept the reply.
No, please re-read the paragraph starting with: “If I cannot replace”
> I don't see much of a difference between
>
> - the pgp scenario: to place a falsified pgp key on a server
>
> - the smime scenario: to crack a smime certificate by breaching a
> CA (which is more difficult that placing a falsified pgp key).
I agree to your above statement “Correct but this applies to smime
and gpg.” Thus, I consider the following attacks to be comparable:
Upload some OpenPGP key and register some S/MIME certificate.
However, newbies are warned not to trust downloaded OpenPGP keys,
while I’m not aware of similar warnings for “trusted” (signed)
S/MIME certificates.
> Again the question was is smime easier to use.
No. The question was whether someone on this list uses S/MIME with
OpenSSL and would object to a change of defaults to epg.
The current topic is “Trust and public keys.” I changed that in
response to your e-mail where you stated: “Keys signed by these
authorities have to be trusted 100 \%.”
The ensuing discussion helped me to see clearer: There are S/MIME
certificates that have been issued without checks (except ability to
receive e-mail), which I find ridiculous given the goal of
certification. The situation is even worse than I thought
initially.
Best wishes
Jens
_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english
next prev parent reply other threads:[~2015-11-19 17:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
2015-11-10 21:41 ` Adam Sjøgren
2015-11-11 9:38 ` Uwe Brauer
2015-11-11 16:12 ` Adam Sjøgren
2015-11-12 9:31 ` Uwe Brauer
2015-11-12 15:31 ` Adam Sjøgren
2015-11-13 18:55 ` Uwe Brauer
2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger
2015-11-15 21:07 ` Trust and public keys Uwe Brauer
2015-11-16 21:15 ` Jens Lechtenboerger
2015-11-18 15:04 ` Uwe Brauer
2015-11-19 17:05 ` Jens Lechtenboerger [this message]
2015-11-22 18:09 ` [smime and gpg] (was: Trust and public keys) Uwe Brauer
2015-11-16 11:32 ` Trust and public keys Uwe Brauer
2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster
2015-11-13 18:21 ` Uwe Brauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h9khex8j.fsf@informationelle-selbstbestimmung-im-internet.de \
--to=jens.lechtenboerger@fsfe.org \
--cc=info-gnus-english@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).