Re: Trust and public keys

[Uwe Brauer]

[+]
   > On 2015-11-13, at 18:55, Uwe Brauer wrote:

   > The number of signatures does not tell much.  Attackers can create
   > as many as they like.


[+]
   > That depends on the scenario.  If I know your “real” e-mail address,
   > it does not hurt if I use a public key for that e-mail address that
   > I just “found” (e-mail, key server, homepage).

   > If an attacker, say Mallory, created that key in your name, Mallory
   > would need to intercept all e-mails encrypted under that forged key
   > and replace them with e-mails encrypted to your real key (or
   > plaintext ones) to go undetected.  I don’t think that ordinary human
   > beings need to care about attackers of such power.

   > Of course, if they did care, all they would need to do is verify key
   > fingerprints via some out-of-band channel.  No signatures required,
   > but admittedly beyond the reach of “illiterate” users.

   > (Besides, attackers that are able to replace encrypted e-mails should
   > also be able to create S/MIME certificates for other people’s e-mail
   > addresses.)

I am bit confused by all the scenarios. Just to make that clear.

If I had to communicate something really secret say with Ed Snowden, I
would use of course use gpg[1] and not smime, ,
then I would try somehow to compare the fingerprints of the keys by some
secure means (a secure chat).

Now if you say that all the above scenarios are usually out of reach of
«normal» attackers, I am curious to see what a security breach in a CA
would really imply (see below)

[+]
   > The color map at [0] shows about 650 of them.

Nice map, however on my laptop screen I cannot see much and understand
what these colors mean, sorry.

[+]
   > Do you realize what you just said?  With CAs, the positive term
   > “trust” is misused to hide something else.  “Having to trust” just
   > does not make sense.

C'mon, sigh, don't take this «literate». I just wanted to describe the
basic concepts of smime. There are two type of certificates, self signed
which are not to be trusted and those signed by a CA, these are trusted
by the model.

Whether you (the user) should trust them is another question.

[+]
   > I don’t trust CAs, for good reasons. Trust has to be earned. PKIs
   > fail with the weakest link, and there are too many examples of
   > broken links [1, 2, 3, 4, 5].

Ok, now let us play this to the end. Let us assume that a CA, say comodo
is breached, now what does this imply??

When I apply for a certificate the private key is generated by the crypt
module of my browser. Are you suggesting that this is also hacked? That
indeed would be disastrous. Then indeed the intruder could obtain a copy
of my private key and sell it to some sinister organisation.

Or what else could the attacker do, and how long realistically would
such a breach go on undetected? For months?


[+]
   > Please, do not misuse the term “trust”.  I wrote about that in some
   > detail elsewhere [6].

I know.

Again I just claimed that for the «normal» user, with moderate security
demands smime is the easier solution, nothing more.

Best

Uwe


Footnotes: 
[1]  Among other things, with gpg I can generate a larger key say 4096
     that with smime.