Re: Garbled data in keyservers
On Wed, 05 Dec 2018 11:24:10 -0900, justina colmena via Gnupg-users wrote: > A keyserver is a convenience. Of course it's not magic. Right now I > am using K-9 Mail and OpenKeychain on Android. When I received the > above message from the list, K-9 Mail informed me that it was signed > with a key with fingerprint "0xff80ae9d1dec358d", and referred me to > the OpenKeychain app, which searched keyservers and found a matching > public key, which I was allowed to import to verify the signature, > which I did so successfully. Sure, thats the way it works. If Werner and you for example had an implementation of Autocrypt installed then you would not need a key server. ;-) But what we are pointing out here are the problems the current key server network has, or might face in the future. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas pgpohDTzZmoLb.pgp Description: Digitale Signatur von OpenPGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
A keyserver is a convenience. Of course it's not magic. Right now I am using K-9 Mail and OpenKeychain on Android. When I received the above message from the list, K-9 Mail informed me that it was signed with a key with fingerprint "0xff80ae9d1dec358d", and referred me to the OpenKeychain app, which searched keyservers and found a matching public key, which I was allowed to import to verify the signature, which I did so successfully. The fingerprints are some collision-resistant secure hashes, and in theory it is extraordinarily difficult to create another public key with the same fingerprint. I have never met "Werner Koch" personally, but I am about as certain as I can be (under the present scheme of things) that that is the key fingerprint of the person from GnuPG.org who posts to the mailing list, and that there would be quite a bit of noise on the list in case of a mistaken identity. There is a certain "reputation effect" with a public key which in theory obviates the need for in-person verification and secret handshakes. The major difficulties and points of weakness to the whole scheme, in my opinion, are, (a) retaining possession of the private key, and (b) denying others illicit access to the private key. Point (b) is a long-term, seemingly irremediable, problem. The long key lifetimes and the general lack of *Perfect Forward Secrecy* greatly aggravate the risk of a catastrophic total compromise of all data signed with or encrypted to the private key. -- A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed. https://www.colmena.biz/~justina/justina.colmena.asc signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
On Wed, 05 Dec 2018 18:53:20 +0100, Werner Koch wrote: > On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > > > Can you give more details about the security aspect? > > People believe that the keyservers magically return a matching key > for a mail address. There is no guarantee for this. In fact all > people from the strong had meanwhile expired faked key on the > servers, which was not easy to detect given that they were also > signed by faked keys from the strong set. > > Thus if you have the capability to sniff mail you would upload a faked > key and hope that future senders pick up that faked key and encrypt to > it. You can now intercept that mail, read it, encrypt to the real key > and send on. Even if you can't mount such an active MitM you can > simply send on the newly encrypted mail with an additional line > "sorry, I encrypted to the wrong key". > > Right the Web of Trust would stop this attack, but most people are not > part of the WoT. Simple methods for initial /key discovery/ are > required. Even autocrypt is better than keyservers and with the Web > Key Directory you can get an even better assurance that it is the > correct key. Agreed. > > run their own key server and analyze the data. So what purpose > > should your suggestion serve? > > The additional benefit is that this would take away the load from the > servers and allow that we can get back the large mesh of keyservers. > Without being able to search user-ids it does not anymore make sense > to use keyservers as search engines for magnet links to Bittorrent > distributed data. Well, my understanding would be that a least one (search) criteria would be needed to fetch a key, right? And if so i could also imagine that this one criteria could be abused as well, in form of a given link to that resource, as long as it can be fetched via the web. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas pgpdwKd_BguB5.pgp Description: Digitale Signatur von OpenPGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect? People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired faked key on the servers, which was not easy to detect given that they were also signed by faked keys from the strong set. Thus if you have the capability to sniff mail you would upload a faked key and hope that future senders pick up that faked key and encrypt to it. You can now intercept that mail, read it, encrypt to the real key and send on. Even if you can't mount such an active MitM you can simply send on the newly encrypted mail with an additional line "sorry, I encrypted to the wrong key". Right the Web of Trust would stop this attack, but most people are not part of the WoT. Simple methods for initial /key discovery/ are required. Even autocrypt is better than keyservers and with the Web Key Directory you can get an even better assurance that it is the correct key. > run their own key server and analyze the data. So what purpose should > your suggestion serve? The additional benefit is that this would take away the load from the servers and allow that we can get back the large mesh of keyservers. Without being able to search user-ids it does not anymore make sense to use keyservers as search engines for magnet links to Bittorrent distributed data. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpCro1j69bIP.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
On Wed, 05 Dec 2018 13:28:50 +0100, Werner Koch wrote: > A better way of using keyservers would be to entire disable their > search by name or mail address capabilities. Not only in the web > interface but also in their API. Of course that will be a radical > change but I consider it better for security: Can you give more details about the security aspect? Currently users can still search sks key servers by names, with Lynx... :-) As understood key server operators can still give a whole dump to 3rd parties, which like to analyze the data, or third parties run their own key server and analyze the data. So what purpose should your suggestion serve? If you are talking about GDPR issues, those keys server operators are not "licensed" by governmental institutions and run their servers according to some strict regulations. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas pgpe5FPFllMEL.pgp Description: Digitale Signatur von OpenPGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
On Wed, 5 Dec 2018 10:31, c...@cod-web.net said: > On pool.sks-keyservers.net eveything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search There are several problem with the keyservers due to their policy of being a plain data store. Actually this policy is a Good Thing because it allows to sync with other servers and their is no need for a central authority. The problem is that the keyservers are abused as data store and, worse, as a public search engine for such data. The latter point can be mitigated by not having a web interface which displays everything. Restricting user-ids and such does not help because there are other ways to store arbitrary data in a OpenPGP keyblock. Even keyservers which would checking the signatures won't help because key signatures can be made using an arbitrary amount of new keys. A better way of using keyservers would be to entire disable their search by name or mail address capabilities. Not only in the web interface but also in their API. Of course that will be a radical change but I consider it better for security: Too many users assume that the keyservers return a correct key; which they don't. In fact their is no way to get a key for a given mail address from a web server. It used to work just out of luck and because all keyserver users used to be fair netizens. The keyserver would then be used for getting the keys to verify a signature (because the lookup is by fingerprint) and to distribute revocations. That is still a useful thing to have. Further the keyservers should stop to accept key signature; for Web of Trust things signed keys should be mailed directly instead (caff already does that). FWIW, I have the problem of a garbled key for quite some time which I can fix for me using things like import-filter drop-sig= sig_created_d=2015-12-24 import-filter drop-sig=|| sig_created_d=2016-03-16 in my gpg.conf. But that is just a stopgap. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgp7V8SnL4gCY.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
Thank you. Fun fact: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 > https://bitbucket.org/skskeyserver/sks-keyserver/issues/60 > were opened by Yegor Timoshenko himself ^__^ Thank you again for your quick and sharp answer! -- CoD ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Garbled data in keyservers
Hi Claudio, You may find these SKS issues relevant: https://bitbucket.org/skskeyserver/sks-keyserver/issues/41 https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 https://bitbucket.org/skskeyserver/sks-keyserver/issues/60 I'm not able to comment on the specifics of search implementation in SKS though... Kind regards, Wiktor On 05.12.2018 10:31, Claudio Canavese wrote: > Hi everyone, > I'm experiencing a strange behavior when looking for my email address on > many keyserver web interfaces: I get al lot of garbled output from a key > of someone else. > > I can't find and answer in this mailing list archives, so I decided to > ask directly. Forgive me if it's a silly question. > > How to test this: > 1) pick any keyserver, I tried https://pgp.mit.edu/ , > https://keyserver.ubuntu.com/ , http://pool.sks-keyservers.net > 2) search any key but mine by email: works? Well, so it was for me > 3) now try with this email address > > On pool.sks-keyservers.net eveything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search > results. I had to use wget to download the web page since any browser > will crash. > > Is this a bug I should submit somewhere? > Can a key break the html output of a keyserver? > > > Thanks you for your time ;-) > > > -- > CoD > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Garbled data in keyservers
Hi everyone, I'm experiencing a strange behavior when looking for my email address on many keyserver web interfaces: I get al lot of garbled output from a key of someone else. I can't find and answer in this mailing list archives, so I decided to ask directly. Forgive me if it's a silly question. How to test this: 1) pick any keyserver, I tried https://pgp.mit.edu/ , https://keyserver.ubuntu.com/ , http://pool.sks-keyservers.net 2) search any key but mine by email: works? Well, so it was for me 3) now try with this email address On pool.sks-keyservers.net eveything works well while on other keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I never signed and I don't know exactly why it's included in search results. I had to use wget to download the web page since any browser will crash. Is this a bug I should submit somewhere? Can a key break the html output of a keyserver? Thanks you for your time ;-) -- CoD ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
