[openpgp] Re: Certificate discovery over HKP
Daniel Huigens <d.huigens@protonmail.com> Wed, 09 April 2025 09:40 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0C6AE197447F for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 02:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01fqyekDnBqa for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 02:40:20 -0700 (PDT)
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8DEBE197447A for <openpgp@ietf.org>; Wed, 9 Apr 2025 02:40:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1744191619; x=1744450819; bh=VDaJ6bX6XnLOrTnLwcwm8nmyMdSsGts39BElzLnsTrQ=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=lVnGqwurQZUbohJWf+a2LLP5ljrcVxMvtnFY0dIsb/QAJOXP/pBgk9DYFZAU8ZN/u c6fmiLoqtstLze63qYiJ0jb3jTg2jbVoaBPQ5utCiovoTOOvLFH+Ptl6iD8DnI2mr6 c6jtOclQViLyfJTh42RUk1Nw9Xlg5PsmA+gU/J4UuIBs3oBv5I2k2m9L4Pa9O9zxCq NnIdR4DYpk/giiPopHytjYBYTGsqQBESgHGq3t+Ffvi0sT/stSn5CFsnaQE3b2PFfd UDZpEr0pBb3iWRZS6/bEX1ccRQ4hEVYfOJB1pbfiAhitAtOJUZsnTMWsIXr1Qd8ocX vh8vXxMzUl6ew==
Date: Wed, 09 Apr 2025 09:40:12 +0000
To: Andrew Gallagher <andrewg@andrewg.com>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <ywsjaFv5IFyH29E5KNpWJkz3HN2HJG6-YpLDB7kdCrmq7SpjM5m0ufn-bkD6p05nwYMYtw-eiNEO8wdcNqnLI9Xp2CgHlWq7g3D0zvCtNY0=@protonmail.com>
In-Reply-To: <64E8EDAE-CCD3-483C-BB7D-B08499253752@andrewg.com>
References: <-0Idgc9O4unvMWFMaXJXFqwK7IJCVXnK2ElLGWK8XjHd3juaDt-bShTiuu0V8KCDR_Uubqjr33I4F-A8xp9KpZkoJcORRXSHII9NXNaU64s=@protonmail.com> <64E8EDAE-CCD3-483C-BB7D-B08499253752@andrewg.com>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: 2bd15474a544df5b7763365805ca81c718163111
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: OZBKLM35YDFTJQ7PLHQ5LPWDN6HJEXSL
X-Message-ID-Hash: OZBKLM35YDFTJQ7PLHQ5LPWDN6HJEXSL
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Certificate discovery over HKP
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IMoZDCkXgdt05ot_UesFzbnxCfI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
On Tuesday, April 8th, 2025 at 21:41, Andrew Gallagher wrote: > An MITM could redirect to a malicious keyserver and serve a fake cert with an attacker-controlled encryption subkey. They could even bind the real subkey as a second encryption subkey to make the attack silent. For the recipient, they can make the attack silent also when serving no key, if they can MITM the email as well (which is the only scenario where any of this is a real attack), because they can encrypt the email with the recipient's key before sending it on (and after reading the contents). So the only difference here is that the attack is silent also for the sender, in the sense that they will still see that the message will be encrypted, if they trust the keyserver. Perhaps that's still significant in the sense that they might be more willing to send sensitive data in an encrypted email (but then again, you could argue that in that case they should verify the key first). Best, Daniel
- [openpgp] Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Daniel Huigens
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Vincent Breitmoser
- [openpgp] Re: Certificate discovery over HKP Daniel Huigens
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Vincent Breitmoser
- [openpgp] Re: Certificate discovery over HKP Bart Butler
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher