[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
On Wednesday 06 Aug 2003 1:27 am, Simon Waters wrote: > Because anyone smart enough to trojan a GPG distribution would probably > put the finger print of the fake key they used to sign it on the To catch this, you need to have some way of telling that the key details have changed - the Web-of-Trust can't help with verifying new keys. You need to use the same process as you would for any unknown new key. (See later for the answer.) > website, when they upload the trojaned version. You'd sign the fake key > with a few random fake keys for well known crytopgraphers, and IT types, Again, these would be new keys for each signatory - a bit of a giveaway. If you see a key with many new signatures ALL made by keys that themselves were created on or after the creation of the suspect key (which itself would have a recent creation date), isn't that a bit obvious? Changing your system time that often surely can't be worth it? > it looks genuine enough, hell it probably isn't that hard to get this > fake group into the web of trust, although it would be a sparsely As the Wotsap site says, verifying each signature is left to the reader! You'd need a double-agent somewhere - someone willing to make all the right noises to get their key signed by someone already well-established (i.e. in the strong set) in the WoT but who is also willing to sign an obviously fake key. This fork-point would obviously be VERY easy to spot and the signature on their key easily revoked by the person who was duped by the forger. As a member of the 'strong set', you'd expect there to be quite a public scene when the sig was revoked. Anyone outside the strong set doesn't get included in Wotsap anyway. > connected group (unlike Bradley and Werner who both make the top 50). > > It is acceptable to trust the key if a lot of posts on public mailing > lists have used the key and no one has queried their authenticity > already. Although it would be possible to hack mailing list archives > servers and resign the posts in the archive with a fake key. With all those fake ID's to resign and post, that's quite a job! Solution to all your paranoia: Join the gnupg-users list - then you won't have to rely on a public archive, you can have your own archive on a personal system that cannot be altered. (Werner actually doesn't tend to sign his emails to the mailing list anyway - just to feed your paranoia! You could still email the list or Werner directly for verification, using the email address from your archive instead of from the UID of the key.) All genuine changes to the GnuPG package are always (discussed and) announced on the list beforehand anyway. With Werner as one of the main contributors to the list, an unannounced package would be obvious and a faked announcement would simply be dumb. > So ultimately I'm just pushing up the ante required to defeat my > verification attempts. > > I agree I'm being super paranoid, but only because I was curious about > the scope of the web of trust, not because I think I'm running a trojan > GPG, if I really thought that I'd have to fall back to a "known" good > version. The web-of-trust works for individual keys, if a new key appears then the verification has to start all over again - the WoT can't help you with deciding if someone has decided to change the key they use. The only true verification would be to contact the person directly - after all, if they have not changed their key, they need to know! > Beside the smart money is backing compromising Werner's key ;-) Your best best is to join the list and build an independent archive of messages that can give you the assurance you'd need to challenge the fake key. You could even use my archive. I use MHonArc to archive personal email just as the DCLUG site archives this list. Archives are regularly burnt to CD-R and with 500Mb of other data, it'd be easy to verify that the system date/time had not been changed - emails you send me as signed and encrypted are all archived in their encrypted form and will display the time and date that YOU sent them. This cannot be changed without invalidating your signature. You can easily verify that it actually was your key that signed the encrypted data. It would be impossible to claim that the CD-R was written before that date. Heck, I'd even sign the ISO image itself before burning and email you the sig if it'd make you happy! (Can't burn the sig to the CD as it'd alter the iso, but I'd burn the sig to the next CD.) In fact, that's a darned good idea for my own records! Before writing the CD, make a detached signature of the ISO image, maybe even print the signature and enclose it with the CD. :-)) -- Neil Williams ============= http://www.codehelp.co.uk http://www.dclug.org.uk http://www.biglumber.com/x/web?sn=Neil+Williams
Attachment:
pgp00007.pgp
Description: signature