[pkg-gnupg-maint] Bug#830479: Bug#830479: gnupg2: new trust level "poisoned"
sjr at debian.org
Fri Jul 8 16:18:50 UTC 2016
On 08.07.2016 14:54, Werner Koch wrote:
>> with someone injecting the evil32 keys into the keyserver network it will
>> only be a matter of time until someone signs one of these by accident.
> If you believe that someone does not check the fingerprint of a key
> before they sign it, you should definitely set their ownertrust to
> _never_. This way keys they sign are not considered in the WoT.
Exactly, but this currently requires me to run an external tool that
checks the signatures under the known bad keys and compares them with my
Ideally, gpg would allow me to do three things when I learn of a key
that has a uid of someone else:
1. set the trust to "never", so the key cannot act as an introducer.
This can be done already.
2. mark the key as invalid/unusable.
If someone I trust signs the fake key, that key is marked as "valid", so
signatures will be accepted and the key becomes a candidate for
encryption. As this is a result of updating the key and checking the
trustdb (which both happens noninteractively and automatically in many
contexts), the user does not have any notification, and since usually
the date is newer, that key is even preferred.
For the user to notice, they would have to compare the long key ID
before sending a mail, which is exactly what we want to avoid.
3. revoke the trust of anyone who signs that key
Again, this happens a lot later than when I learn of the fake key, so I
need help from gpg to notice this.
I know of several people who submit keys to keysigning parties and mark
everyone as untrustworthy who signs them (because no one with that name
went there and confirmed this to be their key), but this is still a
process outside of gpg. With the evil32 set being on the keyservers, I
believe this is a common enough use case that it should be supported out
of the box.
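As an added illustration of the kind of external tool described above (example code, not the poster's tool and not part of gpg), the following parses gpg's `--with-colons` records to list third-party certifiers of a known-bad key and prepares `--import-ownertrust` lines that set their ownertrust to "never". All fingerprints, key IDs and user IDs are constructed placeholders.

```python
# Added example (not the poster's tool): from gpg's machine-readable output,
# list who certified a known-bad key and prepare ownertrust=never entries.
BAD_FPRS = {"BBBBBBBBBBBBBBBBBBBBBBBB00000000DEADBEEF"}   # known-bad key (constructed)
# Constructed `gpg --with-colons --list-sigs` output for the bad key: a
# self-signature, three third-party certifications, and one revocation record.
BAD_KEY_SIGS = """\
pub:f:2048:1:00000000DEADBEEF:1400000000:::-:::scESC::::::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB00000000DEADBEEF:
sig:::1:00000000DEADBEEF:1400000000::::Alice Example <alice@example.org>:13x:::::2:
sig:::1:1111111111111111:1400000100::::Bob Signer <bob@example.org>:10x:::::2:
sig:::1:2222222222222222:1400000200::::Carol Careful <carol@example.org>:13x:::::2:
sig:::1:4444444444444444:1400000250::::Erin Unknown <erin@example.org>:12x:::::2:
rev:::1:3333333333333333:1400000300::::Dave Revoker <dave@example.org>:30x:::::2:
"""
# Constructed `gpg --with-colons --list-keys` output used to resolve key IDs.
KEYRING = """\
pub:f:2048:1:1111111111111111:1400000000:::-:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
pub:f:2048:1:2222222222222222:1400000000:::-:::scESC::::::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC2222222222222222:
"""
CERT_CLASSES = {"10", "11", "12", "13"}   # RFC 4880 certification signature types

def keyid_to_fingerprint(listing):
    """Map long key IDs to fingerprints from each pub record and the fpr record after it."""
    mapping, pending = {}, None
    for f in (rec.split(":") for rec in listing.splitlines()):
        if f[0] == "pub":
            pending = f[4]
        elif f[0] == "fpr" and pending:
            mapping[pending], pending = f[9], None
    return mapping

def third_party_certifiers(listing, bad_fprs):
    """{signer key ID: signer uid} for certifications on keys in bad_fprs,
    skipping self-signatures and non-certification records (e.g. rev, class 30x)."""
    signers, keyid, on_bad, last = {}, None, False, None
    for f in (rec.split(":") for rec in listing.splitlines()):
        if f[0] == "pub":
            keyid, on_bad = f[4], False
        elif f[0] == "fpr" and last == "pub":
            on_bad = f[9] in bad_fprs          # primary-key fingerprint only
        elif f[0] == "sig" and on_bad and f[4] != keyid and f[10][:2] in CERT_CLASSES:
            signers[f[4]] = f[9]
        last = f[0]
    return signers

def ownertrust_never(signers, keyid_fpr):
    """Lines for `gpg --import-ownertrust` (value 3 = never), plus unresolved key IDs."""
    lines = [f"{keyid_fpr[k]}:3:" for k in sorted(signers) if k in keyid_fpr]
    return lines, sorted(k for k in signers if k not in keyid_fpr)
```

Feed the real listings in from `gpg --with-colons --list-sigs <bad fingerprint>` and `gpg --with-colons --list-keys`; signers whose key ID cannot be resolved to a fingerprint need to be fetched or looked at by hand before the generated lines are passed to `gpg --import-ownertrust`.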