
List:       gnupg-users
Subject:    Re: get OpenPGP pubkeys authenticated using German personal ID
From:       Alexander Leidinger via Gnupg-users <gnupg-users () gnupg ! org>
Date:       2023-06-02 5:55:24
Message-ID: 20230602075524.Horde.2XgrKznfVnYJ6yezHjig0Rt () webmail ! leidinger ! net

This message is in MIME format and has been PGP signed.


Quoting Andrew Gallagher <andrewg@andrewg.com> (from Thu, 1 Jun 2023 14:19:29 +0100):

> On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users  
> <gnupg-users@gnupg.org> wrote:
>
>> Quoting Bernhard Reiter <bernhard@intevation.de> (from Wed,
>> 31 May 2023 16:55:05 +0200):
>>
>>> Obviously they cannot authenticate the email address
>>> so once I have a common name, we get collisions?
>>
>> The signature is sent to the email listed in the key. In case you
>> share a name with someone who has a PGP key and you sign this
>> key, the person(s) with access to that email account will get the
>> signature.
>
> This is not best practice. Normally when email verification is
> being performed, the gated action (such as certification, account  
> creation etc.) is not done until after a (time-bound!)  
> challenge/response succeeds. This places too much emphasis on  
> verification of the (non-unique) "real name" component of the  
> UserID, and not enough on the machine-readable email address.
>
> This opens up more fundamental questions about the meaning of
> signatures over RFC822 UserIDs - do they validate the "real name",  
> the email address, or some combination of the two? For example, an  
> email-validating CA may only check the email address part, treating  
> the "real name" as little more than a comment; while Governikus  
> appear to be doing it the other way around. It is of course up to  
> the receiver to decide how to interpret signatures, but it only  
> compounds the problem when not only is the signer's trustworthiness  
> in question, but also their intent. How do you interpret the  
> validity of a claim when it's not even clear what the claim is?
>

I don't remember if there was a challenge/response or not. As I still
have the email with the signed key, I can tell that the signature can
arrive via a TLS encrypted SMTP channel directly from Governikus (and
they have an SPF setup but not DKIM):
---snip---
Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
  key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
  client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" (not verified))
---snip---

Bye,
Alexander.
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
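
Added example, not part of the original message: a Python parser for a Received header in the layout quoted above, reporting separately whether the hop was TLS-encrypted and whether the receiving server verified the client certificate. The function names and the second, constructed sample line are assumptions made for this example.

```python
import re

# Received header value as quoted in the message above, unfolded onto one line.
SAMPLE = (
    'from smtp.governikus.de (smtp.governikus.de [194.31.70.126]) '
    '(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) '
    'key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256 '
    'client-signature RSA-PSS (4096 bits) client-digest SHA256) '
    '(Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" '
    '(not verified))'
)
# Constructed sample: a hop that carries no TLS comment at all.
PLAIN = 'from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net'

HOP = re.compile(r'from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)')
TLS = re.compile(r'\(using\s+(?P<proto>\S+)\s+with cipher\s+(?P<cipher>\S+)'
                 r'\s+\((?P<used>\d+)/(?P<avail>\d+) bits\)')
CERT = re.compile(r'\(Client CN "(?P<cn>[^"]*)", Issuer "(?P<issuer>[^"]*)"'
                  r'\s+\((?P<status>[^)]*)\)\)')

def parse_received(value):
    """Return what one Received header records about the inbound hop."""
    text = ' '.join(value.split())            # unfold continuation lines
    info = {'tls': False, 'client_cert': None}
    m = HOP.search(text)
    if m:
        info.update(m.groupdict())            # helo, rdns, ip
    m = TLS.search(text)
    if m:
        info.update(tls=True, proto=m['proto'], cipher=m['cipher'],
                    bits=int(m['used']))
    m = CERT.search(text)
    if m:
        info['client_cert'] = {
            'cn': m['cn'], 'issuer': m['issuer'],
            # Status string as written by the receiving server.
            'verified': m['status'].strip() == 'verified OK',
            # Issuer name equal to subject name: no separate CA is named.
            'self_issued': m['cn'] == m['issuer'],
        }
    return info

def client_cert_verified(info):
    """True only if the hop used TLS and the client certificate was verified."""
    cert = info.get('client_cert')
    return bool(info['tls'] and cert and cert['verified'])
```
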
