[pkg-gnupg-maint] Bug#830479: Bug#830479: Bug#830479: gnupg2: new trust level "poisoned"
Neal H. Walfield
neal at walfield.org
Sat Jul 9 09:07:06 UTC 2016
On Fri, 08 Jul 2016 18:18:50 +0200,
Simon Richter wrote:
> On 08.07.2016 14:54, Werner Koch wrote:
> 2. mark the key as invalid/unusable.
>
> If someone I trust signs the fake key, that key is marked as "valid", so
> signatures will be accepted and the key becomes a candidate for
> encryption. As this is a result of updating the key and checking the
> trustdb (which both happens noninteractively and automatically in many
> contexts), the user does not have any notification, and since usually
> the date is newer, that key is even preferred.
>
> For the user to notice, they would have to compare the long key ID
> before sending a mail, which is exactly what we want to avoid.
You can do this part using the new TOFU functionality. Specificaly,
you just need to set the TOFU policy for the key to bad (gpg2
--tofu-policy bad KEYID).
For this to work, you'll need to enable the TOFU trust model. Since
it sounds like you actively use the WoT, you should enable the
tofu+pgp model, which combines the WoT and TOFU. If you don't want
the trust of first use part of TOFU, you can set the default trust to
unknown using --tofu-default-policy. In this case, the TOFU TM will
only be used for explicitly set policies.
:) Neal
More information about the pkg-gnupg-maint
mailing list