Bug 21889 - Web of trust circumvention by secret key distribution
Web of trust circumvention by secret key distribution
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: gnupg (Show other bugs)
7.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
: Security
Depends On: 21498
Blocks:
  Show dependency treegraph
 
Reported: 2000-12-07 07:16 EST by Daniel Roesen
Modified: 2007-03-26 23:38 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-20 11:58:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Roesen 2000-12-07 07:16:44 EST
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
To: gnupg-devel@gnupg.org
Subject: BUG: Web of trust circumvention by secret key distribution
Date: 07 Dec 2000 10:26:45 +0100

This is just some more stuff from the 'cracking GnuPG by cheating'
department.

GnuPG accepts secret keys from key servers.  This means that a secret
key can be added to the secret key ring without user intervention,
making the corresponding public key ultimately trusted and thus
effectively circumventing the web of trust.  (GnuPG has the additional
feature that the key becomes ultimately trusted only after a program
restart, so you will see the 'Could not find a valid trust path to the
key.' message once, but this is worse enough.)

A similiar problem exists with "--import".  IMHO, a separate
"--import-secret-key" option is needed, and secret keys downloaded
from key servers should be discarded.
Comment 1 Daniel Roesen 2000-12-07 07:19:03 EST
From: Werner Koch <wk@gnupg.org>
To: gnupg-devel@gnupg.org
Subject: Re: BUG: Web of trust circumvention by secret key distribution
Date: Thu, 7 Dec 2000 11:47:28 +0100

On Thu, 7 Dec 2000, Florian Weimer wrote:

> GnuPG accepts secret keys from key servers.  This means that a secret
> key can be added to the secret key ring without user intervention,
> making the corresponding public key ultimately trusted and thus

Agreed.

> A similiar problem exists with "--import".  IMHO, a separate
> "--import-secret-key" option is needed, and secret keys downloaded

The new option is called --allow-secret-key-import and works for all
import sources.  Implementing a --import-secret-key (which might
imply that public keys are not imported) is diddicult, so we us
this option.

Should show up on CVS RSN.

  Werner
Comment 2 Daniel Roesen 2000-12-07 07:21:28 EST
OK, now we have _two_ severe security bugs in GnuPG. When can we expect an
update? Bug #21498 is now pending for about a week since patch availabilit -
without any reaction.

Note You need to log in before you can comment on or make changes to this bug.