On Sat, May 20, 2006 at 03:21:13PM +0200, Jan Kundrát wrote:
> I don't know much about cryptography, but could you please elaborate on
> why is using one subkey for all the stuff considered a Bad Thing?
The basic form of it, is a vulnerability towards a class of attacks that
require a large supply of signed/encrypted material.
For a primer on various modes of using block ciphers, see 
Wikipedia: http://tinyurl.com/bbcmf

It's conceivable that (and this is the absolute worst case), under this
class of attack, a lot of signing may ultimately reveal bits of your
key, because the attacker has both the plaintext and ciphertext, and can
ultimately compute it - this can either be brute-force, or
mathematically (consider it solving algebra).

> Off-topic question - I've already met Alice, verified her identity,
> signed her keys and now she wants me to sign her new subkey with same
> name, e-mail etc because the old one has expired. Alice lives in Canada
> so I can't meet her easily. Should I sign it again with the same level
> of "trust"?
I think you missed something in my original email, namely that you don't
sign subkeys, you sign uids.

Since uids don't expire that part is irrelevant, but they can be revoked
- then this becomes the same as Bob's case below.

Note:
Unless you are using the 'tsign' command under GnuPG, the trust question
it asks you is only for its local database, and is NOT included with
the exported keys that are sent to keyservers or other users. So let's
assume you are using tsign as well.

> Another situation - Bob, Alice's boyfriend, lives in Canada. I've met
> him before, verified his identity and signed his subkey for
> [EMAIL PROTECTED]. Now he wants my signature for [EMAIL PROTECTED]. Should I
> sign it?
Actual answer:
You'll need to rely on your discretion a bit, but you can narrow down
the possibilities for attacks by following a specific process (and there
is a package that makes this much easier, but it's only available in
Debian's SVN at the moment http://tinyurl.com/ggueq).
0. Bob sends you a request about his new uid, signed with his key that
   you can verify.
1. Sign the new uid, and export the uid signature to a file.
2. Delete the signature from your keyring, you don't want it trusted yet
   (you can avoid this if you have a temp clone of your keyring).
3. Send Bob an encrypted email, with the uid signature file attached.
4. Bob needs to be able to decrypt the email using his GnuPG - thus
   associating the email address listed in his key with his key - if she
   can't decrypt the email - she's an imposter that has taken over the
   email account.

-- 
Robin Hugh Johnson
E-Mail     : [EMAIL PROTECTED]
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
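The process in the reply above (steps 0 to 3) as a shell script around gpg, added here as an illustration and not part of the original mail. It assumes gpg 2.1 or later (for --quick-sign-key), a signer key without passphrase, and, instead of a temp clone of the keyring, drops the fresh certification by deleting Bob's key and re-importing the copy he sent; all names, addresses and file names are constructed.

```shell
#!/bin/sh
# Added example, not code from the mail above: steps 0-3 of the uid-signing
# process scripted around gpg 2.x. Assumptions: gpg 2.1+ (--quick-sign-key),
# the signer's key has no passphrase (loopback with an empty passphrase), and
# the "temp clone of your keyring" is replaced by deleting Bob's key and
# re-importing the copy he sent, which drops our fresh certification again.
set -eu

# seal_uid_signature HOMEDIR SIGNER_FPR BOB_FPR REQUEST.asc BOBKEY.asc UID OUT
#   REQUEST.asc : Bob's signed request for the new uid (step 0)
#   BOBKEY.asc  : Bob's public key as he sent it, before we sign it
#   UID         : substring selecting the uid to certify, e.g. the address
seal_uid_signature() {
    home=$1; signer=$2; bob=$3; request=$4; bobkey=$5; uid=$6; out=$7
    g() { gpg --homedir "$home" --batch --quiet --yes \
              --pinentry-mode loopback --passphrase '' "$@"; }

    # 0. The request must carry a good signature whose primary key is Bob's
    #    fingerprint (last field of the VALIDSIG status line), not any key.
    g --import "$bobkey"
    g --status-fd 1 --verify "$request" 2>/dev/null \
        | awk -v k="$bob" '$2 == "VALIDSIG" && $NF == k { ok = 1 } END { exit !ok }' \
        || return 1

    # 1. Certify only the requested uid and export the signed key.
    g --local-user "$signer" --quick-sign-key "$bob" "$uid"
    g --armor --export "$bob" > "$out.signed"

    # 2. Do not keep the certification until Bob has proven he reads that
    #    address: delete his key and re-import the unsigned copy.
    g --delete-keys "$bob"
    g --import "$bobkey"

    # 3. Seal the signed key so only the holder of Bob's secret key can open
    #    it; this file is what gets attached to the mail sent to the new uid.
    g --armor --trust-model always --recipient "$bob" \
        --encrypt --output "$out" "$out.signed"
    rm -f "$out.signed"
}
```

The sealed file still has to be mailed to the address in the uid being certified; Bob decrypting it and importing the signature is the proof the procedure is after.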
