I contacted Ralf Senderek on this point, since I had read in several places (Slashdot, e.g.) that GnuPG was not vulnerable, whereas my distinct impression from reading Ralf's paper was that GnuPG *was* vulnerable. So I wrote him for confirmation. Here are his remarks re: GnuPG:

It is the only software I saw putting a version4-self-signature on an RSA-key. So it helps to contaminate RSA-keys which would otherwise be fairly protected, when in oldstyle format. In the new format the RSA-key-ID will change and this is detectable.

That should settle the question, IMHO.

Best,
Corvin

On Tue, Aug 29, 2000 at 05:11:41PM +0200, Rupert Kittinger wrote:
Stefan Suurmeijer wrote:
Check out the gnupg discussion lists. The addresses can be found at www.gnupg.org. On the first line you can also find the following:
--> Snip
GnuPG is not vulnerable to the faked ARR (aka ADK) attack as PGP 5 and 6 are. The reason for this is that GnuPG intentionally does not handle those "additional recipients requests". BTW, those Big Brother packets are not defined in the OpenPGP standard - they are a proprietary PGP extension.
--> Snap
Yes, I DID check out the gnupg develop maillist.
Please correct me if I make a mistake, but I come to the following conclusion:
gpg might be secure, but if anybody uses an insecure pgp-descendant to encode to my public key, the ciphertext is not necessarily secure, because somebody might have inserted an ADK into my public key.
The possibility to modify signed keys seems to have dire consequences on the "network of trust"-concept, which is central to pgp.
Rupert
--
Rupert Kittinger
Department of Mechanics and Mechanisms
Graz University of Technology
Kopernikusgasse 24/III
A-8010 Graz
pgp-keyID: EB7E995C; get public key from http://www.openpgp.net/pgpsrv.html
--
Corvin Russell
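Rupert's worry above is that the ADK rides in a part of the public key the owner's self-signature does not cover: a v4 signature packet has a hashed subpacket area (signed) and an unhashed one (not signed), and an ADK spliced into the unhashed area leaves the self-signature valid while PGP 5/6 will still encrypt to the ADK holder. Whether or not your own client is GnuPG, you can check a key you publish for such a subpacket yourself. The script below is an added example for this thread, not code from the messages, from GnuPG or from Ralf Senderek's paper. Assumptions, labelled in the code: the ADK/ARR subpacket is signature subpacket type 10 (the PGP 5/6 usage), and the key bytes at the bottom are a hand-constructed binary key, not a real one. A real key can be fed in as the binary output of `gpg --export` (`gpg --list-packets` will also dump subpackets, but this check is independent of how the client treats them).

```python
"""Scan an OpenPGP key blob for PGP 'additional decryption key' (ADK/ARR)
signature subpackets and report which subpacket area each one sits in.

Added example; not code from the thread, from GnuPG or from Senderek's paper.
Assumption: ADK/ARR is signature subpacket type 10 (PGP 5/6 usage).
The sample key bytes at the bottom are constructed by hand, not a real key.
"""
import struct

SIG_PACKET_TAG = 2
ADK_SUBPACKET_TYPE = 10  # assumption: PGP's ADK/ARR subpacket type


def read_packet_header(data, pos):
    """Return (tag, body_start, body_len) for the packet header at `pos`."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                                    # new-format header
        tag, o = ctb & 0x3F, data[pos + 1]
        if o < 192:
            return tag, pos + 2, o
        if o < 224:
            return tag, pos + 3, ((o - 192) << 8) + data[pos + 2] + 192
        if o == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03         # old-format header
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not supported")


def parse_subpackets(area):
    """Return [(type, body), ...] for one v4 signature subpacket area."""
    out, pos = [], 0
    while pos < len(area):
        o = area[pos]
        if o < 192:
            length, pos = o, pos + 1
        elif o < 255:
            length, pos = ((o - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        out.append((area[pos] & 0x7F, area[pos + 1:pos + length]))  # drop critical bit
        pos += length
    return out


def find_adk(key_blob):
    """Return one dict per ADK subpacket found in any v4 signature packet.

    area == 'unhashed' means the subpacket lies outside the signed data, so it
    could have been spliced in without invalidating the owner's self-signature.
    """
    findings, pos = [], 0
    while pos < len(key_blob):
        tag, start, length = read_packet_header(key_blob, pos)
        body, pos = key_blob[start:start + length], start + length
        if tag != SIG_PACKET_TAG or body[0] != 4:      # only v4 signatures have subpackets
            continue
        hlen = struct.unpack(">H", body[4:6])[0]
        ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
        areas = (("hashed", body[6:6 + hlen]), ("unhashed", body[8 + hlen:8 + hlen + ulen]))
        for name, area in areas:
            for sp_type, sp_body in parse_subpackets(area):
                if sp_type == ADK_SUBPACKET_TYPE:
                    findings.append({"area": name, "body_hex": sp_body.hex()})
    return findings


# --- constructed sample key (not a real key) ---------------------------------
def _packet(tag, body):                 # old-format header, one-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body


def _subpacket(sp_type, body):
    return bytes([len(body) + 1, sp_type]) + body


def _v4_sig(hashed, unhashed):
    return (bytes([4, 0x13, 1, 2])      # v4, positive certification, RSA, SHA-1
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34"               # left 16 bits of hash (constructed)
            + b"\x00\x08\xab")          # one tiny MPI (constructed)


PUBKEY = _packet(6, bytes([4, 0, 0, 0, 0, 1, 0, 8, 0xAB, 0, 2, 3]))  # constructed
USERID = _packet(13, b"alice@example.org")
CREATION = _subpacket(2, b"\x00\x00\x00\x00")                        # creation time
ISSUER = _subpacket(16, b"\x01" * 8)                                 # issuer key ID
ADK = _subpacket(ADK_SUBPACKET_TYPE, bytes([0x80, 1]) + bytes(range(20)))  # constructed

CLEAN_KEY = PUBKEY + USERID + _packet(SIG_PACKET_TAG, _v4_sig(CREATION, ISSUER))
TAMPERED_KEY = PUBKEY + USERID + _packet(SIG_PACKET_TAG, _v4_sig(CREATION, ISSUER + ADK))

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_KEY), ("tampered", TAMPERED_KEY)):
        print(label, find_adk(blob) or "no ADK subpacket")
```

An ADK in the hashed area was put there by whoever made the signature (for a self-signature, the key owner); one in the unhashed area is the case Rupert describes, since nothing in the key proves who added it.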