ietf-openpgp

Re: [openpgp] Intended Recipient observation

2021-04-16 11:31:28
On 4/16/2021 at 10:24 AM, "Neal H. Walfield" wrote:

I just encountered a complication when respecting the Intended
Recipient subpacket.  Others might find this useful.  Consider.

Alice has a certificate A with an encryption subkey S.  T
Mallory creates certificate M and adopts S.  This is possible, because
unlike signing subkeys, encryption subkeys do not need a backsig.

Alice imports the certificate M into her local keystore. 

=====

Why would Alice want to import M's key?

Unless M was once a friend of Alice, and unsuspected by her, now bears
her ill will, and is familiar with her encryption subkey S, and now
created a new certificate M' with her encryption subkey S, and sends it
to the server.

Still, in order for her to import M' as a new key by M, she would
check first if M' was also signed by M.
If she then sees a decryption problem, she would (thanks to your
pointing this out) check for duplicate subkey S in her keyring, and
then find out that M does bear her ill will.

As most users are familiar with their encryption subkey's fingerprint,
it would be a good idea to check any prospective public key for an
encryption subkey fingerprint, before importing it.

Thanks for pointing this out.
(Doesn't affect me though, as I am from the old school that doesn't use
subkeys, where the primary certificate signs, decrypts and
authenticates).

vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
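
The pre-import check suggested in the message above, as an added example that is not part of the original post: it compares encryption subkey fingerprints between GnuPG `--with-colons` style listings of your own keys and of a certificate you are about to import. The function names and the sample listings are constructed for illustration, and the check assumes the adopted subkey keeps the same fingerprint.

```python
from collections import defaultdict

def subkeys_by_primary(listing):
    """Parse `gpg --with-colons` style output into
    {primary fingerprint: {subkey fingerprint: capability letters}}."""
    certs, primary, pending = defaultdict(dict), None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec", "sub", "ssb") and len(f) > 11:
            pending = (f[0] in ("pub", "sec"), f[11])  # field 12 = capabilities
        elif f[0] == "fpr" and pending and len(f) > 9:
            is_primary, caps = pending
            pending = None
            if is_primary:
                primary = f[9]   # field 10 of an fpr record = fingerprint
                certs[primary]   # register certificates without subkeys too
            elif primary:
                certs[primary][f[9]] = caps
    return dict(certs)

def adopted_encryption_subkeys(own_listing, candidate_listing):
    """Return (candidate primary, subkey, own primary) for every encryption
    subkey of ours that a different certificate also binds."""
    own = subkeys_by_primary(own_listing)
    mine = {sub: prim for prim, subs in own.items()
            for sub, caps in subs.items() if "e" in caps}
    return [(prim, sub, mine[sub])
            for prim, subs in subkeys_by_primary(candidate_listing).items()
            if prim not in own
            for sub in subs if sub in mine]

# Constructed sample fingerprints and listings (not real keys).
A, S, M, X = "A1" * 20, "5E" * 20, "3D" * 20, "7B" * 20

def _cert(primary, *subs):
    """Build a minimal constructed colon listing for one certificate."""
    rows = [f"pub:-:255:22:{primary[-16:]}:1600000000:::-:::scSC:",
            f"fpr:::::::::{primary}:"]
    for fp, caps in subs:
        rows += [f"sub:-:255:18:{fp[-16:]}:1600000000::::::{caps}:",
                 f"fpr:::::::::{fp}:"]
    return "\n".join(rows)

OWN = _cert(A, (S, "e"))                    # Alice: certificate A, subkey S
CANDIDATE_M = _cert(M, (S, "e"), (X, "s"))  # certificate M that also binds S
CANDIDATE_OK = _cert("9C" * 20, (X, "e"))   # unrelated certificate

if __name__ == "__main__":
    print(adopted_encryption_subkeys(OWN, CANDIDATE_M))
```

A non-empty result means the candidate certificate binds one of your encryption subkeys under a different primary key, which is the situation described in the quoted message.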