Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
 help / color / mirror / Atom feed
From: Uwe Brauer <oub@mat.ucm.es>
To: info-gnus-english@gnu.org
Subject: Re: Trust and public keys
Date: Sun, 15 Nov 2015 21:07:29 +0000	[thread overview]
Message-ID: <87io53j7ji.fsf@mat.ucm.es> (raw)
In-Reply-To: <87k2pkfv86.fsf@informationelle-selbstbestimmung-im-internet.de>


   > On 2015-11-13, at 18:55, Uwe Brauer wrote:

   > The number of signatures does not tell much.  Attackers can create
   > as many as they like.


   > That depends on the scenario.  If I know your “real” e-mail address,
   > it does not hurt if I use a public key for that e-mail address that
   > I just “found” (e-mail, key server, homepage).

   > If an attacker, say Mallory, created that key in your name, Mallory
   > would need to intercept all e-mails encrypted under that forged key
   > and replace them with e-mails encrypted to your real key (or
   > plaintext ones) to go undetected.  I don’t think that ordinary human
   > beings need to care about attackers of such power.

   > Of course, if they did care, all they would need to do is verify key
   > fingerprints via some out-of-band channel.  No signatures required,
   > but admittedly beyond the reach of “illiterate” users.

   > (Besides, attackers that are able to replace encrypted e-mails should
   > also be able to create S/MIME certificates for other people’s e-mail
   > addresses.)

I am bit confused by all the scenarios. Just to make that clear.

If I had to communicate something really secret say with Ed Snowden, I
would use of course use gpg[1] and not smime, ,
then I would try somehow to compare the fingerprints of the keys by some
secure means (a secure chat).

Now if you say that all the above scenarios are usually out of reach of
«normal» attackers, I am curious to see what a security breach in a CA
would really imply (see below)

   > The color map at [0] shows about 650 of them.

Nice map, however on my laptop screen I cannot see much and understand
what these colors mean, sorry.

   > Do you realize what you just said?  With CAs, the positive term
   > “trust” is misused to hide something else.  “Having to trust” just
   > does not make sense.

C'mon, sigh, don't take this «literate». I just wanted to describe the
basic concepts of smime. There are two type of certificates, self signed
which are not to be trusted and those signed by a CA, these are trusted
by the model.

Whether you (the user) should trust them is another question.

   > I don’t trust CAs, for good reasons. Trust has to be earned. PKIs
   > fail with the weakest link, and there are too many examples of
   > broken links [1, 2, 3, 4, 5].

Ok, now let us play this to the end. Let us assume that a CA, say comodo
is breached, now what does this imply??

When I apply for a certificate the private key is generated by the crypt
module of my browser. Are you suggesting that this is also hacked? That
indeed would be disastrous. Then indeed the intruder could obtain a copy
of my private key and sell it to some sinister organisation.

Or what else could the attacker do, and how long realistically would
such a breach go on undetected? For months?


   > Please, do not misuse the term “trust”.  I wrote about that in some
   > detail elsewhere [6].

I know.

Again I just claimed that for the «normal» user, with moderate security
demands smime is the easier solution, nothing more.

Best

Uwe


Footnotes: 
[1]  Among other things, with gpg I can generate a larger key say 4096
     that with smime.



_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

  reply	other threads:[~2015-11-15 21:07 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
2015-11-10 21:41   ` Adam Sjøgren
2015-11-11  9:38     ` Uwe Brauer
2015-11-11 16:12       ` Adam Sjøgren
2015-11-12  9:31         ` Uwe Brauer
2015-11-12 15:31           ` Adam Sjøgren
2015-11-13 18:55             ` Uwe Brauer
2015-11-14 15:37               ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger
2015-11-15 21:07                 ` Uwe Brauer [this message]
2015-11-16 21:15                   ` Trust and public keys Jens Lechtenboerger
2015-11-18 15:04                     ` Uwe Brauer
2015-11-19 17:05                       ` Jens Lechtenboerger
2015-11-22 18:09                         ` [smime and gpg] (was: Trust and public keys) Uwe Brauer
2015-11-16 11:32                 ` Trust and public keys Uwe Brauer
2015-11-12 19:20           ` S/MIME with OpenSSL? Peter Münster
2015-11-13 18:21             ` Uwe Brauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87io53j7ji.fsf@mat.ucm.es \
    --to=oub@mat.ucm.es \
    --cc=info-gnus-english@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).