[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Trust and public keys
|
From: |
Uwe Brauer |
|
Subject: |
Re: Trust and public keys |
|
Date: |
Wed, 18 Nov 2015 15:04:10 +0000 |
|
User-agent: |
Gnus/5.13001 (Ma Gnus v0.10) Emacs/25.0.50 (gnu/linux) |
> On 2015-11-15, at 21:07, Uwe Brauer wrote:
> That came out wrong, then. Part of my problem would be to figure
> out the “real” e-mail address of “Ed Snowden”. If you registered
> the fresh e-mail address “ed.snowden@gmail.com” and uploaded a
> matching key to usual keyservers, then I might fall for that. No
> special attack skills required.
Correct but this applies to smime and gpg.
> I don’t know too much about CAs that issue e-mail certificates for
> free. However, based on your description of Comodo I guess that you
> could also obtain an S/MIME certificate in the above case (for
> ed.snowden@gmail.com after registering that address). So the
> “trust” built into S/MIME seems worthless.
For class 1 certificate yes, for class 2 not, there you have to show up
(and to pay.)
> For me as malicious CA (or intruder into a CA) there is no reason to
> steal the private key as I could generate a certificate with
> matching private key in your name for your e-mail address, which is
> “trusted”. Then I could send signed e-mails in your name. That
> alone might get you into trouble, but you might receive responses
> that alert you about some ongoing attack. If I was a powerful
> attacker, able to replace e-mails on the way, I could additionally
> re-encrypt (modified) responses to your real certificate (or drop
> messages entirely), and you would never know I was there.
> If I cannot replace e-mails on the way, I can still send “trusted”
> signed e-mails in your name and tell the recipients to switch to
> different e-mail addresses with “trusted” certificates. Then,
> again, I can re-encrypt responses to your real certificate and
> e-mail address.
But in all of these scenarios you need to hack the email account. It is
not sufficent just to use a linux smptmail server and manipulate the
form field. You also have to intercept the reply.
I don't see much of a difference between
- the pgp scenario: to place a falsified pgp key on a server
- the smime scenario: to crack a smime certificate by breaching a
CA (which is more difficult that placing a falsified pgp key).
Best
Uwe
Again the question was is smime easier to use.
- S/MIME with OpenSSL?, Jens Lechtenboerger, 2015/11/08
- Message not available
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/10
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/11
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/11
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/12
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/12
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/13
- Trust and public keys (was: S/MIME with OpenSSL?), Jens Lechtenboerger, 2015/11/14
- Re: Trust and public keys, Uwe Brauer, 2015/11/16
- Re: Trust and public keys, Jens Lechtenboerger, 2015/11/16
- Re: Trust and public keys,
Uwe Brauer <=
- Re: Trust and public keys, Jens Lechtenboerger, 2015/11/19
- [smime and gpg] (was: Trust and public keys), Uwe Brauer, 2015/11/22
- Re: Trust and public keys, Uwe Brauer, 2015/11/16
- Re: S/MIME with OpenSSL?, Peter Münster, 2015/11/12
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/13