[Pkg-gnupg-maint] Bug#725411: gnupg: gpg blindly imports keys from keyserver responses
Paul Wise
pabs at debian.org
Sun Aug 24 15:30:34 UTC 2014
On Sun, 2014-08-24 at 16:46 +0200, Florian Weimer wrote:
> * Paul Wise:
>
> > In addition to the user expectations issues Andrew mentions, it isn't
> > too hard to imagine attacks that take advantage of colliding key-ids,
> > blind key imports by gpg and tools/users that only look at key-ids.
> >
> > http://www.asheesh.org/note/debian/short-key-ids-are-bad-news
>
> The recommendation to rely on 64 bit key IDs is rather questionable
> because V3 keys allow cheap construction of 64-bit key ID duplicates:
>
> <http://www.ietf.org/mail-archive/web/openpgp/current/msg00373.html>
I expect Asheesh simply hadn't read about that particular attack, I
certainly hadn't. It is well past time the world moved off V3 keys so it
may be time to just disable them in implementations. It is well past
time implementations stopped accepting and displaying anything less than
the full fingerprint, especially considering the collision attack
achieved with 64 bit key IDs on V4 keys. It would nice to protect
against this issue for those who are well informed about these issues,
use the full fingerprint but assume gnupg does the right thing when
dealing with keyservers. I also wonder if things like parcimonie check
which key was downloaded.
https://www.debian-administration.org/users/dkg/weblog/105
--
bye,
pabs
http://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140824/e367de7b/attachment.sig>
More information about the Pkg-gnupg-maint
mailing list