Bug 21889

Summary: Web of trust circumvention by secret key distribution
Product: [Retired] Red Hat Linux Reporter: Daniel Roesen <dr>
Component: gnupgAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: high    
Version: 7.0CC: courfeyrak, jarno.huuskonen, redhat
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-12-20 16:58:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 21498    
Bug Blocks:    

Description Daniel Roesen 2000-12-07 12:16:44 UTC 
From: Florian Weimer <Florian.Weimer.DE>
To: gnupg-devel
Subject: BUG: Web of trust circumvention by secret key distribution
Date: 07 Dec 2000 10:26:45 +0100

This is just some more stuff from the 'cracking GnuPG by cheating'
department.

GnuPG accepts secret keys from key servers.  This means that a secret
key can be added to the secret key ring without user intervention,
making the corresponding public key ultimately trusted and thus
effectively circumventing the web of trust.  (GnuPG has the additional
feature that the key becomes ultimately trusted only after a program
restart, so you will see the 'Could not find a valid trust path to the
key.' message once, but this is worse enough.)

A similiar problem exists with "--import".  IMHO, a separate
"--import-secret-key" option is needed, and secret keys downloaded
from key servers should be discarded.
Comment 1 Daniel Roesen 2000-12-07 12:19:03 UTC 
From: Werner Koch <wk>
To: gnupg-devel
Subject: Re: BUG: Web of trust circumvention by secret key distribution
Date: Thu, 7 Dec 2000 11:47:28 +0100

On Thu, 7 Dec 2000, Florian Weimer wrote:

> GnuPG accepts secret keys from key servers.  This means that a secret
> key can be added to the secret key ring without user intervention,
> making the corresponding public key ultimately trusted and thus

Agreed.

> A similiar problem exists with "--import".  IMHO, a separate
> "--import-secret-key" option is needed, and secret keys downloaded

The new option is called --allow-secret-key-import and works for all
import sources.  Implementing a --import-secret-key (which might
imply that public keys are not imported) is diddicult, so we us
this option.

Should show up on CVS RSN.

  Werner
Comment 2 Daniel Roesen 2000-12-07 12:21:28 UTC 
OK, now we have _two_ severe security bugs in GnuPG. When can we expect an
update? Bug #21498 is now pending for about a week since patch availabilit -
without any reaction.