On Wed 2015-02-11 01:33:40 -0500, Trevor Perrin wrote:
> I'm not sure PGP signatures contain the public key or a full hash by
> default - so you may be right that signing by itself is insufficient
> (signatures don't necessarily "bind" the public key - see
> "duplicate-signature key selection" [2]).

OpenPGP signatures currently don't contain the full public key or even a full fingerprint. What's present is the 64-bit "long keyid", which i don't think is sufficient (David Leon Gil has already demonstrated manufactured collisions in the short keyid space, and i doubt a pre-image against some key in the strong set is out of reach for a well-resourced researcher).

It is a trivial extension to include the full fingerprint, though, and i've been doing it for years with a minor change to gpg.conf, which anyone can add:

    sig-notation [email protected]=%g

The name of the notation is "[email protected]" (i selected this from my own namespace, but i encourage everyone to use the same string instead of inventing their own; if this is useful, it would probably not be hard to make this a global notation called just "issuer" via tedious IETF process) and the content is the full fingerprint.

> Per Mike's suggestion I tried this with S/MIME:
> - Got an S/MIME cert, the enrollment was easy with OSX Chrome *but*
> only free for personal use, the cert expires in a year, and the cert
> could be revoked anytime.
> - Thunderbird couldn't see the cert (doesn't integrate with OSX
> keystore), but OSX Mail started signing my messages and picked up
> Mike's key from his message (it's too transparent, though - I can't
> tell what's encrypted or view fingerprints). Plaintext drafts of the
> messages I'm writing get sync'd through IMAP, which is bad.
> - Exporting my certificate from OSX keychain, then importing into
> Thunderbird, was a minor hassle but got encryption/decryption working.
> Though my Thunderbird won't sign for some reason.
> - Mike had one failure-to-encrypt (sent plaintext) in a conversation
> of a few messages, which he blamed on some "smart card stick" he had
> plugged in overriding his regular cert.
>
> Quoting Mike, this feels like "bugs and interop problems nobody ever
> fixes because it’s just not a widely used feature. And partly it
> doesn’t become widely used because there are lots of rough edges".
>
> But it sort of worked - it would be nice to see more analysis and testing.

Are you using the same key for signing as for encryption with this setup, or does your S/MIME cert somehow have a separate signing key from an encryption key?

--dkg

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
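As an added illustration (not part of the original message, and not GnuPG's code), the sketch below shows how a verifier could use a full-fingerprint notation to pick the signing key instead of trusting the 64-bit key ID alone. The function names, the toy key material and the second "colliding" fingerprint are constructed for the example; it assumes the notation value has already been read from the signature, and the actual signature check against the selected key still has to follow.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-octet length, public-key packet body."""
    prefix = b"\x99" + struct.pack(">H", len(pubkey_packet_body))
    return hashlib.sha1(prefix + pubkey_packet_body).hexdigest().upper()

def long_keyid(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 64 bits of the v4 fingerprint."""
    return fingerprint[-16:]

def select_signer(keyring, issuer_keyid, issuer_fpr=None):
    """Return the fingerprint of the single key the signature points at, else None."""
    keyid = issuer_keyid.upper()
    candidates = [f for f in keyring if long_keyid(f) == keyid]
    if issuer_fpr is not None:
        fpr = issuer_fpr.replace(" ", "").upper()
        # The notation must agree with the key ID and name a key we hold.
        if long_keyid(fpr) != keyid or fpr not in candidates:
            return None
        return fpr
    # Key ID only: refuse to guess when more than one key matches.
    return candidates[0] if len(candidates) == 1 else None

# Constructed sample: a v4 RSA public-key packet body with toy numbers (not a real key).
SAMPLE_BODY = (b"\x04" + struct.pack(">I", 1423636420) + b"\x01"
               + mpi(0xC0FFEE0123456789ABCDEF) + mpi(65537))
FPR_A = v4_fingerprint(SAMPLE_BODY)
# Constructed stand-in for a second key that shares FPR_A's long key ID.
FPR_B = "0" * 24 + long_keyid(FPR_A)

if __name__ == "__main__":
    kid = long_keyid(FPR_A)
    print("fingerprint:", FPR_A, "long keyid:", kid)
    print("keyid only     ->", select_signer([FPR_A, FPR_B], kid))
    print("with notation  ->", select_signer([FPR_A, FPR_B], kid, issuer_fpr=FPR_A))
```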
