savannah-hackers

Re: [Savannah-hackers] Feature suggestion: GPG key exchange


From: Joel N. Weber II
Subject: Re: [Savannah-hackers] Feature suggestion: GPG key exchange
Date: Tue, 13 Nov 2001 15:15:09 -0500

   > I'm very concerned that if we had a mechanism for listing keys on
   > savannah that people would trust it more than they should.  Given that
   > anyone who can intercept your email can hijack your savannah account,
   > it's sort of pointless.

   You mean the email accepting the user's registration?

No, I mean ``I forgot my password'', which I believe is set up to mail
a password to whatever smtp address you have on file.  If you can
intercept someone's mail, it's trivial to tell savannah you forgot
that person's password, and after that, you can frob their ssh keys,
etc etc etc.

Although the initial registration process is about equally insecure.

   I guess that's true. Perhaps we could ask for keys to be submitted when
   users are registered, that way we can send the mail encrypted with the key?

And how do you verify that the key that was submitted came from the
``right'' person?

   If the user doesn't submit a key when they register then they won't be
   allowed to submit a key.

There are lots of cases where that would break down; what about the
already-registered users we have today?  What happens when people
forget their passphrase?

   A keyring is a good idea, but I think savannah is a very useful place to
   store keys as well, purely because of its SSL protected nature.

Strong crypto is of questionable value when we have weak
authentication.






