Conversation

Notices

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 11-Jan-2024 21:57:17 JST Haelwenn /элвэн/ :triskell:
   Quite wonder what would happen if someone would generate OpenPGP keys and purposefully published it, including the private key.
   Because most of OpenPGP usage is pretty much "Look, it's signed, therefore it's good".
   
   (Also the email isn't validated at all, that's a thing you're supposed to do)
   • Embed this notice
     yoshi, the dinosaur from kde (cybertailor@wetdry.world)'s status on Thursday, 11-Jan-2024 22:04:11 JST yoshi, the dinosaur from kde

     in reply to

     @lanodan

     - how does openpgp trust model work?
     - it doesn't

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 11-Jan-2024 22:05:21 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • yoshi, the dinosaur from kde
     @cybertailor Or well, the only way it works is to handle the keys like if they would be pure rsa/ed25519 ones where you explicitly tell which key is valid for a given signature without all the rest (like gentoo does).
     At that point you might as well just use signify.
   • Embed this notice
     Hugo 雨果 (whynothugo@fosstodon.org)'s status on Thursday, 11-Jan-2024 23:52:45 JST Hugo 雨果

     in reply to

     @lanodan Email clients usually show the trust level of a key. I think that “bad signature” is red, signed” is yellow and “signed and trusted” is green.

     At least that’s what I recall, it’s been a while since I’ve received gpg signed emails from known keys.

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 11-Jan-2024 23:52:45 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Hugo 雨果
     @whynothugo Any half-baked software can do the crypto part of signature verification somewhat correctly, OpenPGP problems are due to everything around it being pretty much broken.
     If you verify a signature it shows you the key-id which you can't remember, and the email+fullname which you can remember but aren't trustable fields (even with trust levels, those are for key ids, and do not even freeze the fullnames or emails).
     
     Plus a lot of the usage of OpenPGP isn't for email but for things like signing commits, packages, ISO images, … where the trust model of OpenPGP quite falls flat unless you make up your own layer where key IDs are verified to match what they're supposed to verify, so you don't trust a random key in your keyring (or worse fetch the key automagically and move on).
     
     Which is quite why I end up having more trust on a checksum file downloaded from a trusted server (not a CDN/mirror-site) over HTTPS (where x509 provides hostname authentication) or included in a distro tree, than an OpenPGP one where if I wanted to trust it, I'd need to have an OpenPGP implementation which works like signify (like what gentoo does in verify-sig.eclass).
     feld likes this.