[pkg-gnupg-maint] Bug#807620: Bug#807620: dirmngr: split SKS keyserver network CA into separate ca-certificates compatible package

[Daniel Kahn Gillmor]

Hi Christoph--

thanks for the suggestion!

On Thu 2015-12-10 18:31:12 -0500, Christoph Anton Mitterer wrote:

> May I suggest, that the SKS keyserver network CA cert is
> split into it's own package that would integrate into the
> ca-certificates framework.
> An example would be the ca-cacert package.

I don't think that the sks keyserver network CA should be in the general
ca-certificates framework, because it isn't properly name constrained.

adding it to ca-certificates would allow Kristian the ability to MITM
most TLS connections.

While i suspect Kristian would be more responsible than the
least-responsible of the parties authorized by the CA cartel, i don't
think we want to increase that particular attack surface.

However, i agree with you that we should ship the sks keyserver CA in a
known place so that tools that are deliberately trying to talk to
hkps://hkps.pool.sks-keyservers.net will have an easy time verifying it.

This part is already done: dirmngr ships the CA at:

 /usr/share/dirmngr/sks-keyservers.netCA.pem

You can think of this as a crufty "DLV" (domain lookaside validation)
for this one particular point in the DNS, i guess.

I'm working on a patch for GnuPG that should make it automatically use
this file as a cert if the user is visiting the hkps pool.

> Given that the SKS keyserver network CA will be typically used for
> the webinterface of the keyservers as well, some people may
> want to have it generally available.

i don't know anyone who uses it for the web interface, and i suspect
that using it there would be problematic for the non-name-constrained
reason described above.

       --dkg