On Mon, Nov 07, 2005 at 04:17:20PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >I'm afraid I don't understand what you're asking here.  How backsigs
> >work?
>
> And what is the "theory" behind them,... e.g. how do they improve security?

Current signing subkeys have a weakness in that they can be moved from one key to another without the key owner's approval. This means that if I sign a message with a signing subkey, someone else can lift the (public) signing subkey off of my key, attach it to theirs, and issue a new binding signature for it. This person can then claim to be the person who signed the message.

Note that this person doesn't have the secret key or the passphrase - they can't issue NEW signatures. They can only claim to be the signer for existing signatures. They also can't stop the original signer from claiming ownership. If it comes down to two people, both claiming they issued a particular signature, just ask them both to sign a challenge (a different challenge for each). The impostor won't be able to.

Anyway, back signatures avoid all that by adding a signature from the signing subkey on the primary key. This proves that the owner of the signing subkey is not an impostor, since the impostor could not issue such a signature.

David
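
A toy model of the argument above, as an added example that is not part of the original post and is not GnuPG code. Textbook RSA over small constructed primes stands in for real OpenPGP keys; the helper names and the strings "0x18"/"0x19" (the OpenPGP subkey binding and primary key binding signature types, used here only as labels) are assumptions of the sketch.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two primes (constructed; far too small for real use)."""
    return {"pub": (p * q, E), "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(n, *parts):
    h = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(key, *parts):
    n, _ = key["pub"]
    return pow(digest(n, *parts), key["d"], n)

def verify(pub, sig, *parts):
    n, e = pub
    return pow(sig, e, n) == digest(n, *parts)

def bind(primary, sub_pub, sub_secret=None):
    """Primary signs the subkey (0x18); the subkey signs back (0x19) only if its secret is held."""
    b = {"sub": sub_pub, "backsig": None,
         "binding": sign(primary, "0x18", primary["pub"], sub_pub)}
    if sub_secret is not None:
        b["backsig"] = sign(sub_secret, "0x19", primary["pub"], sub_pub)
    return b

def signer_accepted(primary_pub, b, msg, msg_sig, require_backsig):
    """Would a verifier credit primary_pub with the message signed by subkey b["sub"]?"""
    ok = (verify(b["sub"], msg_sig, "msg", msg)
          and verify(primary_pub, b["binding"], "0x18", primary_pub, b["sub"]))
    if ok and require_backsig:
        # The back signature covers the primary key, so it cannot be reused under another one.
        ok = b["backsig"] is not None and verify(
            b["sub"], b["backsig"], "0x19", primary_pub, b["sub"])
    return ok

# Constructed keys built from Mersenne primes.
alice = make_key(2**61 - 1, 2**89 - 1)
alice_sub = make_key(2**107 - 1, 2**127 - 1)
other = make_key(2**31 - 1, 2**521 - 1)

msg = "constructed message"
msg_sig = sign(alice_sub, "msg", msg)
owner = bind(alice, alice_sub["pub"], alice_sub)   # holds the subkey secret
lifted = bind(other, alice_sub["pub"])             # public subkey only
replayed = dict(lifted, backsig=owner["backsig"])  # owner's backsig copied over

for pub, b in [(alice["pub"], owner), (other["pub"], lifted), (other["pub"], replayed)]:
    print(signer_accepted(pub, b, msg, msg_sig, False), signer_accepted(pub, b, msg, msg_sig, True))
```

Without the back signature check all three bindings are accepted for the same message; with it, only the binding made by the holder of the subkey secret is.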