> -----Original Message----- > From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users- boun...@gnupg.org] > On Behalf Of Ingo Klöcker > Sent: Monday, March 05, 2012 3:37 PM > To: gnupg-users@gnupg.org > Subject: Re: invalid gpg key revocation > > On Sunday 04 March 2012, Robert J. Hansen wrote: > > On 3/4/2012 4:13 PM, auto15963...@hushmail.com wrote: > > > Hello. Supposing I create a key with an arbitrary user ID... > > > > This seems to me to be a simple question wrapped up in a lot of > > unnecessarily specific details: "How is it possible for a > > non-authorized person to revoke a user ID?" > > > > 1. Mathematical weakness in the underlying > > algorithms (unlikely but possible) > > 2. Critical bug in GnuPG (unlikely but possible) > > 3. Someone's swiped your private key (disturbingly > > possible) > > 4. He has left his laptop unlocked and unattended for a very short period > of time and he is using gpg-agent with a cache-ttl > 0.
I do in fact use gpg-agent and a cache >0, but this machine is not in a workplace or public location. It is in my home, in a place where visitors have no access, and my family would not have been able to do this. My machine has considerable security. I am not saying it would be 100% impossible to get access, but I am saying that if there is a possibility, I am not aware of it and I need to be so that I can prevent it recurrence. I do believe that there is another more plausible explanation. For instance, what procedure occurs at the server itself that allows the revocation to occur? Is it a fully automated event? Is there a way for a person without a key to issue a command to the server in any way to make this happen? > > I have verified that one can generate a revocation certificate without > entering a passphrase if one has previously signed something (e.g. an > email). So, it was probably just a very nasty prank. This is good information, but I personally would give it a stronger name than prank. > > Maybe gpg shouldn't use the cached signing passphrase (or any cached > passphrase) for generating a revocation certificate. This does sound like a reasonable consideration, in my opinion. At least, I would like to have that option configurable. > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
