Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

Question regarding unknown certificates

  

 
GnuPG users RSS feed   Index | Next | Previous | View Threaded


gnupg.user at seibercom

Oct 25, 2011, 5:48 AM

Post #1 of 9 (299 views)
Permalink
Question regarding unknown certificates
I have a group of certificates listed that I am unable to delete. I
have tried using GPA and from the command line. Neither works. I did a
screen capture of these keys. This is the URL:

http://seibercom.net/logs/FP1.png

These appear to be listed in the "/usr/local/share/gnupg/com-certs.pem"
file on my system.

http://seibercom.net/logs/com-certs.pem

Since most of these certificates appear to be expired anyway, can I
just delete that file? I am not sure why they are being listed anyway.
What is there purpose?

I am running on a FreeBSD-8.2 amd64 system if that makes any difference.

--
Jerry ✌
GNUPG.user [at] seibercom
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Oct 25, 2011, 11:27 AM

Post #2 of 9 (296 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On Tue, 25 Oct 2011 14:48, gnupg.user [at] seibercom said:

> These appear to be listed in the "/usr/local/share/gnupg/com-certs.pem"

These are defaults certificates automagically imported into a new
keybox.

> Since most of these certificates appear to be expired anyway, can I
> just delete that file? I am not sure why they are being listed anyway.

Yes.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Jan 3, 2012, 1:59 AM

Post #3 of 9 (192 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On Tue, 25 Oct 2011 20:27, wk [at] gnupg said:
> On Tue, 25 Oct 2011 14:48, gnupg.user [at] seibercom said:
>> Since most of these certificates appear to be expired anyway, can I
>> just delete that file? I am not sure why they are being listed anyway.
>
> Yes.

I will keep them in the file because these certificates are useful in
the "chain" validation model. Usually we use the "shell" model where
expiration dates have an obvious meaning. For German qualified
signatures the "chain" model is required. Basically, it compares the
expiration date to the date given in the signatures.



Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


jerome at jeromebaum

Jan 3, 2012, 5:10 AM

Post #4 of 9 (194 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On 2012-01-03 10:59, Werner Koch wrote:
> I will keep them in the file because these certificates are useful in
> the "chain" validation model. Usually we use the "shell" model where
> expiration dates have an obvious meaning. For German qualified
> signatures the "chain" model is required. Basically, it compares the
> expiration date to the date given in the signatures.

I lack the experience to understand how the chain model makes any sense
at all. Would anyone care to elaborate?

In my understanding, a signing key can be set to expire to help prevent
unauthorized use. AFAIK there is no other use in expiring a signing key.
The situation is different with an encryption key but let's focus on
signing keys because that's what CA keys are. So we need only worry
about abuse.

Now say I'm a CA and my key is set to expire in 4 weeks. I now make a
certification on another key that is set to expire in a year. Now look 5
weeks into the future, my key is stolen. At this point, in the shell
model, the key is useless to an attacker -- the point in expiring my key
in the first place. But in the chain model, the attacker can just
back-date any certification.

To protect against this in the chain model, we need qualified
timestamps. To protect against this in the shell model, we only need
common sense -- I'm pretty sure nobody here emailed a reply to this very
message a few weeks ago. Time only moves forward.

I do see that we can use qualified timestamps for this. But then the
timestamp either needs to be renewed on a regular basis, or the key that
signs the timestamp needs to have a long expiration date. If I renew the
timestamp regularly, why not just renew the certification directly? If
the timestamping key has a long expiration date, all else being equal,
it is more vulnerable than the CA key.

So we need to make up for that by protecting the timestamping key more
carefully. But we need at least as many timestamps as we need CA
certifications. Therefore the timestamping key must be as readily
available as the CA keys. To make it more well-protected, we therefore
need a higher investment, resulting in higher fees. These higher fees,
at least by proxy, now apply to CA certifications as well. We might as
well have directly protected the CA keys more carefully.

What have we gained compared to the shell model? What did I miss?


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
Attachments: signature.asc (0.86 KB)


wk at gnupg

Jan 3, 2012, 6:32 AM

Post #5 of 9 (191 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On Tue, 3 Jan 2012 14:10, jerome [at] jeromebaum said:

> I lack the experience to understand how the chain model makes any sense
> at all. Would anyone care to elaborate?

No. There is sufficient information about this available. For example
check out the BSI documents pertaining to the qualified signature.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


kloecker at kde

Jan 3, 2012, 12:49 PM

Post #6 of 9 (192 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On Tuesday 03 January 2012, Jerome Baum wrote:
> On 2012-01-03 10:59, Werner Koch wrote:
> > I will keep them in the file because these certificates are useful
> > in the "chain" validation model. Usually we use the "shell" model
> > where expiration dates have an obvious meaning. For German
> > qualified signatures the "chain" model is required. Basically, it
> > compares the expiration date to the date given in the signatures.
>
> I lack the experience to understand how the chain model makes any
> sense at all. Would anyone care to elaborate?
>
> In my understanding, a signing key can be set to expire to help
> prevent unauthorized use. AFAIK there is no other use in expiring a
> signing key. The situation is different with an encryption key but
> let's focus on signing keys because that's what CA keys are. So we
> need only worry about abuse.
>
> Now say I'm a CA and my key is set to expire in 4 weeks. I now make a
> certification on another key that is set to expire in a year.

What expires a year from now? Your signature on the other key or the
other key itself? I guess you meant the other key. (If you sign a key
with a key with expiration date with GnuPG then you will be asked
whether the signature shall expire at the same date as your key.)


> Now
> look 5 weeks into the future, my key is stolen. At this point, in
> the shell model, the key is useless to an attacker -- the point in
> expiring my key in the first place.

If your key is stolen, but not compromised, i.e. the attacker has not
cracked your password, then the key is useless to the attacker
regardless of any expiration. OTOH, if your key is compromised then the
attacker will simply set a new expiration date.

The only protection against abuse of a stolen (and potentially
compromised) key is the revokation of the key.


Regards,
Ingo
Attachments: signature.asc (0.19 KB)


jerome at jeromebaum

Jan 3, 2012, 1:37 PM

Post #7 of 9 (192 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On 2012-01-03 15:32, Werner Koch wrote:
> No. There is sufficient information about this available. For example
> check out the BSI documents pertaining to the qualified signature.

I have read the three paragraphs (out of 165 pages) that "Grundladen der
elektronischen Signatur" spends on this. They say (words to the effect of):

The law says so.

(I see there could be use-cases for the chain model, as there could be
use-cases for any validity model, but I'm asking if anyone knows a
practical example. I always took gnupg-users to be a user-friendly list
of people happy to help out with general crypto-related questions. In my
mind for most cases the chain model is overly risky, no?)


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
Attachments: signature.asc (0.86 KB)


jerome at jeromebaum

Jan 3, 2012, 1:41 PM

Post #8 of 9 (192 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On 2012-01-03 21:49, Ingo Klöcker wrote:
> On Tuesday 03 January 2012, Jerome Baum wrote:
>> Now say I'm a CA and my key is set to expire in 4 weeks. I now make a
>> certification on another key that is set to expire in a year.
>
> What expires a year from now? Your signature on the other key or the
> other key itself? I guess you meant the other key. (If you sign a key
> with a key with expiration date with GnuPG then you will be asked
> whether the signature shall expire at the same date as your key.)

I see the ambiguity in my sentence. In the context of German qualified
signatures, it's the other key. That's also what I meant.

>> Now
>> look 5 weeks into the future, my key is stolen. At this point, in
>> the shell model, the key is useless to an attacker -- the point in
>> expiring my key in the first place.
>
> If your key is stolen, but not compromised, i.e. the attacker has not
> cracked your password, then the key is useless to the attacker
> regardless of any expiration. OTOH, if your key is compromised then the
> attacker will simply set a new expiration date.

I meant that the attacker got at the raw key material somehow.

The attacker can't always set a new expiration date. Consider that the
CA key may be confirmed by some master CA which sets the expiration date.

So this question wasn't specific to OpenPGP. (I know this list is called
"gnupg-users" but so far my experience has been that the list is very
friendly for off-topic talk/questions to a reasonable extent.)

> The only protection against abuse of a stolen (and potentially
> compromised) key is the revokation of the key.

There's an example in my email of how an expiration date can be useful:

> But in the chain model, the attacker can just
> back-date any certification.
>
> To protect against this in the chain model, we need qualified
> timestamps. To protect against this in the shell model, we only need
> common sense -- I'm pretty sure nobody here emailed a reply to this very
> message a few weeks ago. Time only moves forward.

So the shell model certainly offers protection against certain types of
abuse that the chain model doesn't offer protection against.

Digging deeper into this it appears the hybrid model is an excellent
compromise, with better security than the chain model but still with
long-term non-repudiation.

(I misunderstood the shell model to be the hybrid model. I was surprised
to find out that the shell model expires data signatures as soon as any
certificate in the chain expires.)

Out of those three options, the chain model is the only one in which
this scenario is a problem:

1. CA key has expired.

2. Certifications may be back-dated.

3. (Data) signatures may not be (e.g. follow-up to this thread can't be
three weeks ago).

4. Attacker has access to secret key material (after expiration).

So what is a good reason to use the chain model as opposed to the hybrid
model? I see that you can want data signatures to last beyond the CA
key, but why would you want that for a certification? (And don't tell me
"because SigG says so". :) )

(I'm not at all trying to conclude the chain model is useless. Like I
said I haven't dug deep enough into this material to fully understand
the implications. That's what I'm trying to do and was hoping someone
could share their wisdom. :) People are nicer to interact with than
books and PDFs. )


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
Attachments: signature.asc (0.86 KB)


wk at gnupg

Jan 4, 2012, 1:38 AM

Post #9 of 9 (185 views)
Permalink
Re: Question regarding unknown certificates [In reply to]
On Tue, 3 Jan 2012 22:37, jerome [at] jeromebaum said:

> of people happy to help out with general crypto-related questions. In my
> mind for most cases the chain model is overly risky, no?)

Yes. To make it work it requires online revocation checks. That opens
yet another can of worms. See also the recent discussion thread on
coderpunks about revocations of software signing certificates.


Shalom-Salam,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.