From: Jason Harris
Subject: Re: [Sks-devel] SKS should not accept or replay non-exportable certifications
Date: Sat, 14 Sep 2013 23:31:52 -0400
User-agent: Mutt/1.5.21 (2010-09-15)

On Sat, Sep 14, 2013 at 08:46:05PM -0500, John Clizbe wrote:

> As I see it, we have two related problems here, both involving the no-export
> signature flag:

> 2) JimBob lsigns his own key, creating a non-exportable selfsig then delsigs
> all of the exportable selfsigs. This is shooting oneself in the foot. If we
> honor no-export on a selfsig, we create keys with UIDs that have no binding
> signature. THIS IS VERY VERY BAD. I think the RFC folks should probably have

True, but the user's OpenPGP client is the best place to allow/
disallow such behavior, or at least prompt the user to re-sign
the key if they manage to totally break it as you've described.

> My compromise suggestion of trying to DTRT but with minimum harm is in the
> case of 1, where signing key != signed key, strip the non-exportable sig
> before we import into the key store.

Agreed.

> In the case of 2, where signing key == signed key (lsign your own key) we have
> a user either intentionally or accidentally shooting himself in the crypto
> foot. We can a) hold our noses and accept the key, or b) reject the entire key
> as malformed -- there is no way to honor the no-export sig flag and still have
> a valid key.

That, truly, sounds like a "weird corner case," which, if GPG
or other OpenPGP implementations indeed allow users to create,
could be handled with a small tweak to dkg's patch. That is,
don't discard an lsign'd/non-exportable SELFSIG if it is the
only SELFSIG.

Of course, GPG would need to keep this lone lsign'd selfsig,
hopefully without yet another configuration option, and SKS
could still discard it in the case of a bad, but exportable,
selfsig, so we should add crypto to be sure, but whatever... :)

> Another possibility is that if there are earlier or later exportable
> selfsig(s), just strip the errant selfsig with the no-export flag.

Basically the same action for DTRT in case #1.

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
address@hidden _|_ Got photons? (TM), (C) 2004
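
The filtering rule discussed in the message above, as an added example that is not part of the original message and is not SKS code or dkg's patch: non-exportable certifications are stripped, except that a local selfsig is kept when the User ID has no exportable selfsig (this generalises "the only SELFSIG" to several local selfsigs). The Sig record, the function names and the sample bytes are hypothetical; the subpacket layout follows RFC 4880, and no signature is cryptographically verified here.

```python
from __future__ import annotations
from dataclasses import dataclass

EXPORTABLE_CERTIFICATION = 4  # signature subpacket type, RFC 4880 5.2.3.11

def is_exportable(hashed: bytes) -> bool:
    """Walk a v4 signature's hashed subpacket area; absent flag means exportable."""
    i = 0
    while i < len(hashed):
        first = hashed[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(hashed):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + hashed[i + 1] + 192
        else:
            length = int.from_bytes(hashed[i + 1:i + 5], "big")
        body = hashed[i + hdr:i + hdr + length]   # type octet + data
        if length == 0 or len(body) != length:
            raise ValueError("malformed subpacket")
        i += hdr + length
        if body[0] & 0x7F == EXPORTABLE_CERTIFICATION:  # ignore critical bit
            if length != 2:
                raise ValueError("bad exportable-certification subpacket")
            return body[1] != 0
    return True

@dataclass
class Sig:                 # hypothetical, simplified certification record
    issuer: str            # key ID of the signing key
    hashed: bytes          # raw hashed subpacket area

def filter_uid_sigs(primary: str, sigs: list[Sig]) -> list[Sig]:
    """Strip non-exportable certifications without leaving the UID unbound."""
    has_exportable_selfsig = any(
        s.issuer == primary and is_exportable(s.hashed) for s in sigs)
    kept = []
    for s in sigs:
        if is_exportable(s.hashed):
            kept.append(s)
        elif s.issuer == primary and not has_exportable_selfsig:
            kept.append(s)  # local selfsig is the UID's only binding: keep it
    return kept

# Constructed sample subpacket areas (creation time, then the export flag).
CTIME = bytes([5, 2, 0x52, 0x35, 0x2A, 0x00])
EXPORTABLE = CTIME + bytes([2, 4, 1])
LOCAL = CTIME + bytes([2, 0x84, 0])   # critical bit set, value 0 = lsign
```
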