IETF Logo Mail Archive

Re: [openpgp] Expected client behaviour ambiguity in signature verification

Andrew Gallagher <andrewg@andrewg.com> Tue, 12 July 2022 20:32 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFE4C14F606 for <openpgp@ietfa.amsl.com>; Tue, 12 Jul 2022 13:32:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cdap6X3OertC for <openpgp@ietfa.amsl.com>; Tue, 12 Jul 2022 13:32:22 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65E45C14F72B for <openpgp@ietf.org>; Tue, 12 Jul 2022 13:32:18 -0700 (PDT)
Received: from smtpclient.apple (unknown [176.61.115.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by fum.andrewg.com (Postfix) with ESMTPSA id 570615ECAC; Tue, 12 Jul 2022 20:32:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1657657932; bh=mgwDnz/3e9wwMm5HQvW56nrKfIm8mlH1r8gki7qt3HA=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=tHHZ1+QHW7O4poaQUGnE/0liTQF5iTRMPyKZUUXJ3SGHyFMurDCqSFG4q7IR/Kr9I UGcZ7T6MUpBLR5RJqeZbUMD0HooesGvicZ2zNicFIug3m6KOCO0ZslhJ3OMyURE7RS 771asWvJVZ01aXwW06DJ1FzdJKAyhZ+c+Ra230JNmR2ICt7eJBgkjxo3vPjfDQJ3Go 3/7mi/OKyFQjyVlPyiy9EeMAw68o5DnlsAgUSdgtjzbv1IbU+UeaBbKXjj07y2AGGa S6hRHxZitueQ7Ni19CxuuwTgsiWAxzf9YiM6fLJAkr/8L3bF6Az0/f3ZgfzKB6mNcH 8iiE8h1ERtWww==
Content-Type: multipart/signed; boundary="Apple-Mail=_1D0F4D39-2A39-435A-86B2-2960870157AB"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <IdS0-BxA6w80HLI578WI9YpxpzFb0MbynW3DOEhCWSF825_1qT6Dj6KlYX5CYs9-VYOJoNlj-8KZ6dd6ywX3xufc11_k_vScRCI-F1ik9XM=@protonmail.com>
Date: Tue, 12 Jul 2022 21:32:02 +0100
Cc: Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
Message-Id: <25F2FE86-5B9E-4211-A526-FBCBD18EAA30@andrewg.com>
References: <d0483dcb-025b-37c2-9a26-e42133b506ac@andrewg.com> <rFGQzFpo7YRJdeCEIqSDMYYZhf_svkyx8UHG3GE__VMZFj2pRAbcTa-G9jjQoppUln1XNblYl6Lbjn7wMDMLqwzTJxB-hO0RwAofwLJL7wc=@protonmail.com> <87sfnbx3we.fsf@europ.lan> <HcMPnSrBDMEb2UqLScL9OTrornuJln5O0WG0ZBe2FLW3Q3YbJ9plFBKGJGdWYyVF-Wz9HA6supa9tXH5y8DfJTe05cUD5Uk0VciCnGuQNMo=@protonmail.com> <87pmifx2km.fsf@europ.lan> <Gjz95aE4GW3B-PIIf3VWobfxKwlSPyI-yU5L7B5zM-6QBv48RXZrrXvIkFQ5NUd9g64Ai9Adzqxahueo5LEqWRCY-Hjj9dRZeI2JYlaWqd4=@protonmail.com> <87let3wxtj.fsf@europ.lan> <ejV91k6cLZSWu6XKlMLLyVhrwpYOJWOD6q4Ekp6veU53kVA4kSNM1zZ1EoCJG2QJLlYoq2Rylxd7LWxssmPji5ozUn8iZHiD1f3x8vqJ2wc=@protonmail.com> <637768CF-CD88-4A2C-BC58-EE2945A1F008@andrewg.com> <IdS0-BxA6w80HLI578WI9YpxpzFb0MbynW3DOEhCWSF825_1qT6Dj6KlYX5CYs9-VYOJoNlj-8KZ6dd6ywX3xufc11_k_vScRCI-F1ik9XM=@protonmail.com>
To: Daniel Huigens <d.huigens@protonmail.com>
X-Mailer: Apple Mail (2.3696.100.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/YA4dP_93qNiFBYmLwYNURrvPaws>
Subject: Re: [openpgp] Expected client behaviour ambiguity in signature verification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2022 20:32:27 -0000

Thanks for the correction. What must therefore be happening is that something else (gnupg?) is duplicating the sigs onto the correct object, and then go-crypto is dropping the incorrect ones (it’s definitely doing at least *some* of the cleanup). It may be sufficient to leave it like that; anyone with a sufficiently broken key is likely to either upload a fixed one or have someone else do it on their behalf, at which point we can discard the duplicates.

Thanks,
A

> On 12 Jul 2022, at 20:13, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote:
> 
> go-crypto currently doesn't move signatures from one object to the other
> if they're incorrectly ordered. I think it would return an error in
> that case, since it verifies signatures during parsing (except for
> third-party signatures on the User ID) - whether that's desirable is
> of course also debatable but that's what it does currently.
> 
> Best,
> Daniel
> 
> 
> ------- Original Message -------
> On Tuesday, July 12th, 2022 at 19:38, Andrew Gallagher <andrewg@andrewg.com> wrote:
> 
>> On 8 Jul 2022, at 15:22, Daniel Huigens d.huigens@protonmail.com wrote:
>> 
>>> On Friday, July 8th, 2022 at 15:14, Justus Winter wrote:
>>> 
>>>> You said before that you prefer not to use the reordering heuristic.
>>>> But how else should the keyserver fix the certificate?
>>> 
>>> I meant more that they could do a manual intervention for the keys where
>>> that happened, perhaps. (Particularly in the case where the keyserver
>>> itself broke the key, I didn't mean that they should fix up these keys
>>> in general.) Then, they could also verify the signature packets with
>>> each of the components, to check where it should be placed.
>> 
>> 
>> Hockeypuck already fixes such badly-ordered sigs, because it uses go-crypto to parse the key material before serving to clients, and AIUI this normalises signatures implicitly. (There are knock-on issues about how to deal with the non-normalised back end storage but those are orthogonal to this discussion…)
>> 
>> A
> 
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp

v2.23.0 | Report a Bug | By Email