It was said:
-- begin quote --
Now that the PGP key management "bug" is public, I'd like to comment
on some source code issues and follies.
-- end quote --
The quotes around "bug" are quite appropriate. After reviewing Senderek's
paper, I can only conclude that the addition of non-hashed subpackets was a
design decision intended to facilitate exactly this type of attack. The
capability of contaminating existing keys with unhashed ADKs is particularly
disgusting, given that this, too, must have been a criterion of the design
decision.
Now that the "bug" has been outed, some points come to mind:
Will some enterprising cypherpunk create a tool that can simply and easily
disclose the presence of an unhashed ADK in a public key?
Can the popular keyservers' keyrings be downloaded in toto?
Given the above, it should be possible to download the major keyrings and scan
them for compromised keys. A list of such keys could (and should) be published.
The keys' owners could (and should) be notified. It would also be possible, I
think, to clean such keys of unhashed ADKs and resubmit them, although I'm not
sure about the propriety of this (since there could be some key owners that
approve of, or at least do not object to, the unhashed ADK's presence).
It also seems that the keyservers themselves, given they already possess the
input data, would benefit from taking the above actions themselves. It would
earn them good karma in the crypto community. And not taking any action is sure
to earn them bad karma, especially if a simple detection and reporting tool is
created and made available (open source, of course).
Now... where'd I put that GPG source?
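A detection tool of the kind asked for above, as an added example that is not from the original post or from any PGP implementation: it walks OpenPGP packets, splits each v4 signature into its hashed and unhashed subpacket areas, and reports ADK subpackets that sit only in the unhashed area, which the signature does not cover and which anyone can therefore append to a published key. Assumptions: subpacket type 10 is taken as the ADK type (PGP's use of the type RFC 2440 leaves reserved), and the key material is constructed inline rather than fetched from a keyserver.

```python
import struct
ADK_TYPE = 10  # assumption: PGP's ADK subpacket type (RFC 2440 reserves type 10)

def parse_subpackets(area):
    """Return [(type, body)] for one subpacket area (1-, 2- or 5-octet lengths)."""
    out, pos = [], 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        out.append((area[pos] & 0x7F, area[pos + 1:pos + length]))  # mask critical bit
        pos += length
    return out
def iter_packets(blob):
    """Yield (tag, body) per packet; old-format and one-octet new-format headers."""
    pos = 0
    while pos < len(blob):
        ctb = blob[pos]
        if ctb & 0x40:  # new format: tag in the low 6 bits
            tag, length, pos = ctb & 0x3F, blob[pos + 1], pos + 2
        else:  # old format: tag in bits 2-5, length-type in the low 2 bits
            nbytes = (1, 2, 4)[ctb & 0x03]
            tag, length = (ctb >> 2) & 0x0F, int.from_bytes(blob[pos + 1:pos + 1 + nbytes], "big")
            pos += 1 + nbytes
        yield tag, blob[pos:pos + length]
        pos += length
def unhashed_subpackets(sig_body):
    """Return only the unhashed-area subpackets of a v4 signature body."""
    if sig_body[0] != 4: return []  # v3 signatures carry no subpackets
    hlen = struct.unpack(">H", sig_body[4:6])[0]
    ulen = struct.unpack(">H", sig_body[6 + hlen:8 + hlen])[0]
    return parse_subpackets(sig_body[8 + hlen:8 + hlen + ulen])
def find_unhashed_adks(keyblob):
    """Return [(signature_index, adk_body)] for every unhashed ADK subpacket."""
    sigs = [body for tag, body in iter_packets(keyblob) if tag == 2]
    return [(i, sp) for i, body in enumerate(sigs)
            for t, sp in unhashed_subpackets(body) if t == ADK_TYPE]
_sp = lambda t, body: bytes([len(body) + 1, t]) + body  # constructed helper: one subpacket
def _sig_packet(hashed, unhashed):  # constructed helper: old-format tag-2 packet, v4 body, no MPIs
    body = (bytes([4, 0x13, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")
    return bytes([0x88, len(body)]) + body
# Constructed sample: creation time is signed (hashed); issuer and ADK are in the unhashed area.
SAMPLE_KEY = _sig_packet(_sp(2, b"\x00\x00\x00\x01"),
                         _sp(16, bytes(8)) + _sp(ADK_TYPE, b"\x80\x01" + bytes(20)))
```

An ADK subpacket in the hashed area is covered by the owner's self-signature and is not reported; only the unhashed copy, which anyone could have added, is flagged.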