User ID certificates vs key certificates

Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE> Tue, 04 September 2001 14:53 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA18238 for <openpgp-archive@odin.ietf.org>; Tue, 4 Sep 2001 10:53:44 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id f84EgwO13323 for ietf-openpgp-bks; Tue, 4 Sep 2001 07:42:58 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84EguD13314 for <ietf-openpgp@imc.org>; Tue, 4 Sep 2001 07:42:57 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1) id 15eHP8-0008Gv-00 for ietf-openpgp@imc.org; Tue, 04 Sep 2001 16:42:18 +0200
To: ietf-openpgp@imc.org
Subject: User ID certificates vs key certificates
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: Tue, 04 Sep 2001 16:42:18 +0200
Message-ID: <tgheujaugl.fsf@mercury.rus.uni-stuttgart.de>
Lines: 28
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Sieuwert van Otterloo's paper, 'A security analysis of PGP'
(http://www.bluering.nl/pgp/pgp.ps), describes a more general problem
in a few OpenPGP implementations (but fails to state that it affects
most OpenPGP implementations, not only NAI PGP 5.x to 7.x):

OpenPGP defines certificates as (public key, user ID) pairs, but most
implementations tend to present 'key certificates', and the mapping
from the former to the latter often leaves something to be desired
(especially with PGP 2.6.x, but GnuPG, too, is not yet perfect).

For example, PGP 2.6.3in prints the following messages for a valid
signature created with the key below:

Good signature from user "bad test key".
Signature made 2001/09/04 13:52 GMT using 1024-bit key, key ID E2BB3EE5

However, only the 'good test key' user ID is certified:

pub  1024R/E2BB3EE5 2001-09-04 bad test key
sig        E2BB3EE5 2001-09-04  bad test key
uid                            good test key
sig        C06EC3B5 2001-09-04  Florian Weimer #RC=no RA=RUS CR=own# <Florian.Weimer@rus.uni-stuttgart.de>
sig        E2BB3EE5 2001-09-04  bad test key

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898