
List:       gnupg-users
Subject:    Re: invalid gpg key revocation
From:       auto15963931 () hushmail ! com
Date:       2012-03-06 18:59:48
Message-ID: 20120306185949.8E2366F443 () smtp ! hushmail ! com

> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org]
> On Behalf Of Ingo Klöcker
> Sent: Monday, March 05, 2012 3:37 PM
> To: gnupg-users@gnupg.org
> Subject: Re: invalid gpg key revocation
> 
> On Sunday 04 March 2012, Robert J. Hansen wrote:
> > On 3/4/2012 4:13 PM, auto15963931@hushmail.com wrote:
> > > Hello. Supposing I create a key with an arbitrary user ID...
> >
> > This seems to me to be a simple question wrapped up in a lot of
> > unnecessarily specific details: "How is it possible for a
> > non-authorized person to revoke a user ID?"
> >
> > 	1.  Mathematical weakness in the underlying
> > 	    algorithms (unlikely but possible)
> > 	2.  Critical bug in GnuPG (unlikely but possible)
> > 	3.  Someone's swiped your private key (disturbingly
> > 	    possible)
> 
> 4. He has left his laptop unlocked and unattended for a very short period
> of time and he is using gpg-agent with a cache-ttl > 0.

I do in fact use gpg-agent and a cache >0, but this machine is not 
in a workplace or public location. It is in my home, in a place 
where visitors have no access, and my family would not have been 
able to do this.  My machine has considerable security. I am not 
saying it would be 100% impossible to get access, but I am saying 
that if there is a possibility, I am not aware of it and I need to 
be so that I can prevent its recurrence.  I do believe that there is 
another more plausible explanation.

For instance, what procedure occurs at the server itself that 
allows the revocation to occur?  Is it a fully automated event? Is 
there a way for a person without a key to issue a command to the 
server in any way to make this happen? 
> 
> I have verified that one can generate a revocation certificate without
> entering a passphrase if one has previously signed something (e.g. an
> email). So, it was probably just a very nasty prank.

This is good information, but I personally would give it a stronger 
name than prank.
> 
> Maybe gpg shouldn't use the cached signing passphrase (or any cached
> passphrase) for generating a revocation certificate.

This does sound like a reasonable consideration, in my opinion. At 
least, I would like to have that option configurable.
> 


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
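
The thread above turns on gpg-agent's passphrase cache, so here is a way to check a gpg-agent.conf for it. This is an added example, not part of the original message or of GnuPG. The option names `default-cache-ttl` and `ignore-cache-for-signing` are gpg-agent's documented options; the function names and verdict words are this example's own, and whether `ignore-cache-for-signing` covers revocation-certificate generation in a given GnuPG version is an assumption to verify.

```shell
#!/bin/sh
# Added example: report whether a gpg-agent.conf lets a signing request
# be served from a cached passphrase.

DEFAULT_TTL=600   # gpg-agent's documented default for default-cache-ttl (seconds)

# conf_value FILE OPTION -> prints the value set for OPTION, or nothing.
# Assumption: if the option is repeated, the last occurrence is reported.
conf_value() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == opt  { val = $2; seen = 1 }
        END        { if (seen) print val }
    ' "$1"
}

# conf_flag FILE OPTION -> exit status 0 if the bare option is present.
conf_flag() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        $1 == opt  { found = 1 }
        END        { exit !found }
    ' "$1"
}

# audit_agent_conf FILE -> prints one verdict word:
#   nocache        default-cache-ttl is 0, passphrases are not cached
#   sign-uncached  caching is on, but ignore-cache-for-signing is set
#   cached         a signing request can be served from the cache
audit_agent_conf() {
    # A missing or unreadable file means the defaults apply: caching is on.
    [ -r "$1" ] || { echo cached; return 0; }
    ttl=$(conf_value "$1" default-cache-ttl)
    ttl=${ttl:-$DEFAULT_TTL}
    if [ "$ttl" -eq 0 ]; then
        echo nocache
    elif conf_flag "$1" ignore-cache-for-signing; then
        echo sign-uncached
    else
        echo cached
    fi
}

# Stand-alone use: sh audit.sh ~/.gnupg/gpg-agent.conf
if [ "$#" -gt 0 ]; then
    audit_agent_conf "$1"
fi
```

After changing gpg-agent.conf, reload the agent (for example with `gpgconf --reload gpg-agent`) so the running process picks up the new settings.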
