On Wed, 2014-06-18 at 15:29 +0200, Vincent Lefevre wrote: > At least you > need some 3rd party to check certificate revocation. But if it is > malicious, it could tell you that the certificate has been revoked > (even if it isn't), and you have the same problem as now... well, > almost.
It's actually worse the other way round: Per definition you blindly must trust some 3rd party to check for revocations. - in X.509 this is your CRL or OSCP ... - in OpenPGP this is your keyserver... In BOTH cases you have the problem that someone else (namely the CA respectively the keyserver operator) can do blocking/downgrading attacks, i.e. not presenting the revocation at all, or giving some older state of your key/signatures. In the X.509 case you have the additional problems that: - both CRL/OSCP are technically fragile - at least some browsers (all?) don't check for it per default In OpenPGP you have the additional problems that: - at least until know communication with the keyservers is usually unsecured: so not only the keyserver operator can attack you, but anyone else that can MitM. - there are gazillions of keyserver operators (like me) and OpenPGP implemntations usually default to some pool of keyservers... so in the end you do not only have to trust one 3rd party (like - at least technically - with X.509) but ??? 3rd parties to give you the correct data. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
