On 17/03/15 22:34, Doug Barton wrote:
>> Assuming they're all protected by https, nothing.
>
> I think you missed my point. If all three resources related to verification are
> provided by the same source, then verifying the fingerprint gets you zero added
> security. It's more or less equivalent to using a hash by itself.

No, I think that's what I mean as well. If they all come from the same source, it gets you nothing to check the signature. So I don't see why you would verify the signature at all.

> So to start with, that's a pretty big hurdle to jump, and if you have access to
> do that, then you almost certainly have access to do other things like changing
> the fingerprint to verify.

By creating a short key ID collision, I'm also getting those people that read your e-mail or a similar thing somewhere on the web, and just download the short key ID. I'm also getting those people that get a "BAD signature" and then do a new --recv-key with the short key ID in an unfortunate attempt to get it to verify ("hmmm, maybe it has expired?").

Like you said, I passed a big hurdle. I'm either MITM, or I write-accessed the ftp server of gnupg.org. Why stop there when it's so little effort to create a short key ID collision? It sounds fun in a perverse way.

But back to my primary objection: I consider it bad advice to tell someone to rely on the short key ID. Sounds like a bad habit potentially getting bootstrapped to me. That's really all this is about.

You could also say they should check the sha1sum, like Clark ended up doing. Or typing

    gpg --fingerprint -k 4F25E3B6

and checking it says

    pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
        Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
    uid [ full ] Werner Koch (dist sig)
    sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]

with a little caveat that you should actually get the fingerprint from somewhere trusted, not from a stranger. That would already go a long way.

When I include non-trivial code to be entered on someone's PC, I always include the disclaimer "Please understand what you are doing here, never enter on your PC what a stranger on the internet tells you to". At least, I think and hope I do, might have forgotten in my enthusiasm sometimes.

Or don't check at all and simply see if it crashes during installation. I wouldn't be surprised if it included a checksum in the .exe as part of the installer.

But we obviously disagree in an informed way. I know I can be rather principal. Thanks for appreciating my enthusiasm though :).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
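
Added example, not part of the message above: a check that accepts a signature only when the full primary-key fingerprint reported by `gpg --status-fd 1 --verify` equals a fingerprint pinned from a trusted source, so a key that merely shares the short key ID is rejected. The status lines, the look-alike fingerprint and the timestamps are constructed for illustration; only the pinned fingerprint comes from the message.

```python
# Added example (not from the original post). Parses GnuPG status lines as
# produced by `gpg --status-fd 1 --verify file.sig file`.
import re

PINNED = "D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6"  # quoted in the post

def normalize(fpr):
    """Strip spaces and upper-case a fingerprint for comparison."""
    return "".join(fpr.split()).upper()

def short_id(fpr):
    """A short key ID is only the last 32 bits (8 hex digits) of the fingerprint."""
    return normalize(fpr)[-8:]

def signer_fingerprint(status_text):
    """Primary-key fingerprint from the first VALIDSIG line, or None.

    VALIDSIG is emitted only for a cryptographically good signature; its last
    argument is the primary key's fingerprint. BADSIG/ERRSIG yield None.
    """
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fpr = parts[-1].upper()
            return fpr if re.fullmatch(r"[0-9A-F]{40}", fpr) else None
    return None

def signed_by_pinned(status_text, pinned=PINNED):
    """True only if a good signature was made by exactly the pinned key."""
    return signer_fingerprint(status_text) == normalize(pinned)

# Constructed status output: a good signature from the pinned key.
GENUINE = """\
[GNUPG:] GOODSIG 249B39D24F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 2015-03-17 1426550400 0 4 0 1 2 00 D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
"""
# Constructed: a good signature from a made-up key with the same short key ID.
LOOKALIKE = """\
[GNUPG:] GOODSIG C6D7E8F94F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG 0A1B2C3D4E5F60718293A4B5C6D7E8F94F25E3B6 2015-03-17 1426550400 0 4 0 1 2 00 0A1B2C3D4E5F60718293A4B5C6D7E8F94F25E3B6
"""
# Constructed: a signature that does not verify at all.
BAD = "[GNUPG:] BADSIG 249B39D24F25E3B6 Werner Koch (dist sig)\n"

if __name__ == "__main__":
    for name, text in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("bad", BAD)):
        print(name, "accepted" if signed_by_pinned(text) else "rejected")
```

Both sample keys report a good signature and share the short key ID 4F25E3B6; only the comparison against the full fingerprint tells them apart.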