Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
From: Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
To: info-gnus-english@gnu.org
Subject: Trust and public keys (was: S/MIME with OpenSSL?)
Date: Sat, 14 Nov 2015 16:37:13 +0100
Message-ID: <87k2pkfv86.fsf@informationelle-selbstbestimmung-im-internet.de>
In-Reply-To: <87r3jtsp9i.fsf@mat.ucm.es>

On 2015-11-13, at 18:55, Uwe Brauer wrote:

>     -  PGP creates a net of trust: there are key servers where you can
>        upload your public keys so that they can be signed by people you
>        trust. As a rule of thumb: one should trust a public key if
>        it's signed by somebody one trusts or, if this is not the case,
>        trust a key which has a lot of signatures.

The number of signatures does not tell much.  Attackers can create
as many as they like.

>        One should never just
>        use a public key which has been sent to him/her, since one cannot
>        trust it.

That depends on the scenario.  If I know your “real” e-mail address,
it does not hurt if I use a public key for that e-mail address that
I just “found” (e-mail, key server, homepage).

If an attacker, say Mallory, created that key in your name, Mallory
would need to intercept all e-mails encrypted under that forged key
and replace them with e-mails encrypted to your real key (or
plaintext ones) to go undetected.  I don’t think that ordinary human
beings need to care about attackers of such power.

Of course, if they did care, all they would need to do is verify key
fingerprints via some out-of-band channel.  No signatures required,
but admittedly beyond the reach of “illiterate” users.

(Besides, attackers that are able to replace encrypted e-mails should
also be able to create S/MIME certificates for other people’s e-mail
addresses.)

>     -  SMIME has a hierarchical model: there are a dozen or so
>        certificate authorities (CA) which can sign keys.

The color map at [0] shows about 650 of them.

>        Keys signed by these authorities have to be trusted 100%.

Do you realize what you just said?  With CAs, the positive term
“trust” is misused to hide something else.  “Having to trust” just
does not make sense.

I don’t trust CAs, for good reasons.  Trust has to be earned.
PKIs fail with the weakest link, and there are too many examples of
broken links [1, 2, 3, 4, 5].

>        All software mail programs I listed are configured such
>        that public keys signed by these authorities are
>        trusted.

Please, do not misuse the term “trust”.  I wrote about that in some
detail elsewhere [6].

Best wishes
Jens


[0] https://www.eff.org/files/colour_map_of_cas.pdf
[1] http://www.h-online.com/security/news/item/Trustwave-issued-a-man-in-the-middle-certificate-1429982.html
[2] https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/
[3] https://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html
[4] http://googleonlinesecurity.blogspot.de/2015/03/maintaining-digital-certificate-security.html
[5] https://googleonlinesecurity.blogspot.com/2015/09/improved-digital-certificate-security.html
[6] https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/
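
The out-of-band fingerprint check mentioned in the message, as an added example that is not part of the original post: an OpenPGP v4 fingerprint is a SHA-1 hash over the public-key packet alone, so neither the user ID nor any number of signatures can make a forged key match. The key values and helper names below are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte length and the packet body (RFC 4880, section 12.2)."""
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Drop the spaces, colons and case differences introduced when reading aloud."""
    return "".join(ch for ch in fpr if ch not in " :\t\n").upper()

def matches_out_of_band(body: bytes, spoken_fpr: str) -> bool:
    """True only if the found key hashes to the full fingerprint obtained out of band."""
    spoken = normalize(spoken_fpr)
    if len(spoken) != 40:  # a short or long key ID is not enough; require all 160 bits
        return False
    return v4_fingerprint(body) == spoken

def grouped(fpr: str) -> str:
    """Format as ten groups of four hex digits for reading over the phone."""
    return " ".join(fpr[i:i + 4] for i in range(0, 40, 4))

# Constructed sample keys (toy-sized moduli, illustration only). Both could carry
# the same e-mail address as user ID: the user ID is not part of the hashed data.
REAL_KEY = rsa_public_key_body(1447515433, n=0xC5A10F3B9D276E41, e=65537)
FORGED_KEY = rsa_public_key_body(1447515433, n=0xD3B752E91A6C8F05, e=65537)
# What the key owner reads out over the phone or prints on a business card.
SPOKEN = grouped(v4_fingerprint(REAL_KEY)).lower()

if __name__ == "__main__":
    print("real key   :", matches_out_of_band(REAL_KEY, SPOKEN))
    print("forged key :", matches_out_of_band(FORGED_KEY, SPOKEN))
    print("key ID only:", matches_out_of_band(REAL_KEY, SPOKEN[-19:]))
```
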
