[smime and gpg] (was: Trust and public keys)

[Uwe Brauer]

>>> "Jens" == Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:

   > On 2015-11-18, at 15:04, Uwe Brauer wrote:
   >> Correct but this applies to smime and gpg.

   > I’ll refer to this point below.

   >> [...]

   > No, please re-read the paragraph starting with: “If I cannot replace”

So you are talking only about evil clear signed messages, which are sent
by some smtpmail hacking, say in my name.

Well this does not pass the reality check in my experience. People
usually do not check clear signed messages, that is they do not check
whether an un encrypted message is signed or not.

They tend to check whether *encrypted* mails are signed.

Now in order that the attacker sends an evil *encrypted and signed*
message say in my name, to Joe Foo, this attacker needs the public key
of Joe Foo.

However in the smime model he usually cannot download that key from some
server but has to interchange with Joe Foo smime signed messages (which
include the public keys) so either at the end he needs to hack my mail
account or obtain that key by some other more complicated (social)
attacks.

In order to do something similar in gpg the attacker needs to hack
directly my account where I have my private gpg keys installed. Well.




   >> I don't see much of a difference between
   >> 
   >> -  the pgp scenario: to place a falsified  pgp key on a server 
   >> 
   >> -  the smime scenario:  to crack a smime certificate by breaching a
   >> CA (which is more difficult that placing a falsified pgp key).

   > I agree to your above statement “Correct but this applies to smime
   > and gpg.”  Thus, I consider the following attacks to be comparable:
   > Upload some OpenPGP key and register some S/MIME certificate.


Agreed.


   > However, newbies are warned not to trust downloaded OpenPGP keys,
   > while I’m not aware of similar warnings for “trusted” (signed)
   > S/MIME certificates.

Well most users I know are not over--enthusiastic about applying for a
free certificate from a organisation they barely know[1], but in
practise I tell them I will send them a signed message in 5 minutes
which contains my public key. So they do not over trust that model and
accept every key from everybody without thinking.

But again my scenario is about having a on the fly encryption which
works without much hassle for the newbies.

A question I really would like to ask Edward Snowden is what he thinks
about smime and whether NSA and friends have backdoors installed.


   >> Again the question was is smime easier to use.

   > No.  The question was whether someone on this list uses S/MIME with
   > OpenSSL and would object to a change of defaults to epg.

Right, the original question was that, but I made a point about the
simplicity of the smime model.

   > The current topic is “Trust and public keys.”  I changed that in
   > response to your e-mail where you stated: “Keys signed by these
   > authorities have to be trusted 100 \%.”

Again by the model, not as an recommendation or a moral advice.

   > The ensuing discussion helped me to see clearer: There are S/MIME
   > certificates that have been issued without checks (except ability to
   > receive e-mail), which I find ridiculous given the goal of
   > certification.  The situation is even worse than I thought
   > initially.

Well you could go for a class 2 certificate.[2]  But I admit I also learnt
something about gpg: it is not as safe as I thought, since it seems to
difficult to identify trusted public keys from a server.

Best

Uwe 

Footnotes: 
[1]  and they are even worried that this organisation keeps a copy of
     their private key. That however I have checked, and seems not to
     happen with Comodo, I don't know the other organisations.

[2]  actually I don't know anybody who posses such a certificate.