New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pius fails to sign User IDs that have no e-mail address #109

Open
dkg opened this Issue Jan 19, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@dkg
Copy link

dkg commented Jan 19, 2019

some keys, like 25FC1614B8F87B52FF2F99B962AF4031C82E0039, have a user ID that has no e-mail address.

If the user indicates that they intend to certify that user ID, its certification should be attached to any other certification that can be sent -- so the certifications are sent in tandem.

So for example, if an OpenPGP certificate looks like:

uid 0: Alice Jones
uid 1: Alice Jones <alice@example.net>
uid 2: Alice Jones (CEO) <boss@example.biz>

then the e-mail that goes to alice@example.net should contain the certification for User IDs 0 and 1, and the e-mail that goes to boss@example.biz should contain the certification for User IDs 0 and 2.

That way, if the recipient gets any of the e-mails, they can see a certification over the user ID that has no e-mail address.

(this is how caff treats this kind of User ID, as well as how it treats User Attributes (attached photos), fwiw -- i've raised an issue about how pius deals with User Attributes in #110)

@jaymzh

This comment has been minimized.

Copy link
Owner

jaymzh commented Feb 9, 2019

That would be a security issue for sure. If I have a key like:

UID 0: Bill Clinton
UID 1: Alice Jones <me@example.net>

And I use your proposed algorithm, the user now validates that this individual is Bill Clinton. Now, granted, one should look down the list of all UIDs before signing, but I think this behavior would be super misleading.

It is an interesting question on how to handle this though. I'm thinking something like an extra prompt. Something like:

$ pius -r /tmp/keyring.gpg --include-no-email-uids -A
pub   rsa4096/A123B456C789D123 ...
         Key fingerprint = ....
uid 0: Alice Jones
uid 1: Alice Jones <alice@example.net>
uid 2: Alice Jones (CEO) <boss@example.biz>

Have you verified this user/key, and if so, what level do you want to sign at?
  0-3, Show again, Next, Help, or Quit? [0|1|2|3|s|n|h|q] (default: n) 3

This key has a UID with no email address (UID 0: Alice Jones). How would you like to handle this:
  (I)gnore this UID, Send it to an (a)lternate UIDs email? [i|a] (default: i) a

Please select where you'd like the signature to go:
  (1) Alice Jones <alice@example.net> (UID 1)
  (2) Alice Jones (CEO) <boss@example.biz> (UID 2)

[1|2|s|q] (default: s) 1

Signing all UIDs on key A123B456C789D123
  There are 3 UIDs on this key to sign
  UID 1 (Alice Jones): signed, emailed to Alice Jones <alice@example.net>
  UID 2 (alice@example.net): signed, emailed
  UID 3 (boss@example.biz): signed, emailed

$

We could do the same thing for photo UIDs...

@jaymzh jaymzh self-assigned this Feb 9, 2019

@jaymzh jaymzh added the enhancement label Feb 9, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment