Re: Trust and public keys

From: Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
To: info-gnus-english@gnu.org
Subject: Re: Trust and public keys
Date: Thu, 19 Nov 2015 18:05:00 +0100	[thread overview]
Message-ID: <87h9khex8j.fsf@informationelle-selbstbestimmung-im-internet.de> (raw)
In-Reply-To: <87fv03mjrp.fsf@mat.ucm.es> (Uwe Brauer's message of "Wed, 18 Nov 2015 15:04:10 +0000")

On 2015-11-18, at 15:04, Uwe Brauer wrote:

>    > That came out wrong, then.  Part of my problem would be to figure
>    > out the “real” e-mail address of “Ed Snowden”.  If you registered
>    > the fresh e-mail address “ed.snowden@gmail.com” and uploaded a
>    > matching key to usual keyservers, then I might fall for that.  No
>    > special attack skills required.
>
> Correct but this applies to smime and gpg.

I’ll refer to this point below.

> [...]
>    > For me as malicious CA (or intruder into a CA) there is no reason to
>    > steal the private key as I could generate a certificate with
>    > matching private key in your name for your e-mail address, which is
>    > “trusted”.  Then I could send signed e-mails in your name.  That
>    > alone might get you into trouble, but you might receive responses
>    > that alert you about some ongoing attack.  If I was a powerful
>    > attacker, able to replace e-mails on the way, I could additionally
>    > re-encrypt (modified) responses to your real certificate (or drop
>    > messages entirely), and you would never know I was there.
>
>    > If I cannot replace e-mails on the way, I can still send “trusted”
>    > signed e-mails in your name and tell the recipients to switch to
>    > different e-mail addresses with “trusted” certificates.  Then,
>    > again, I can re-encrypt responses to your real certificate and
>    > e-mail address.
>
> But in all of these scenarios you need to hack the email account. It is
> not sufficent just to use a linux smptmail server and manipulate the
> form field. You also have to intercept the reply.

No, please re-read the paragraph starting with: “If I cannot replace”

> I don't see much of a difference between
>
>     -  the pgp scenario: to place a falsified  pgp key on a server 
>
>     -  the smime scenario:  to crack a smime certificate by breaching a
>        CA (which is more difficult that placing a falsified pgp key).

I agree to your above statement “Correct but this applies to smime
and gpg.”  Thus, I consider the following attacks to be comparable:
Upload some OpenPGP key and register some S/MIME certificate.

However, newbies are warned not to trust downloaded OpenPGP keys,
while I’m not aware of similar warnings for “trusted” (signed)
S/MIME certificates.

> Again the question was is smime easier to use.

No.  The question was whether someone on this list uses S/MIME with
OpenSSL and would object to a change of defaults to epg.

The current topic is “Trust and public keys.”  I changed that in
response to your e-mail where you stated: “Keys signed by these
authorities have to be trusted 100 \%.”

The ensuing discussion helped me to see clearer: There are S/MIME
certificates that have been issued without checks (except ability to
receive e-mail), which I find ridiculous given the goal of
certification.  The situation is even worse than I thought
initially.

Best wishes
Jens

_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english