An organisation exists called CACert whose primary goals are: “Inclusion into mainstream browsers” and “To provide a trust mechanism to go with the security aspects of encryption.” — Kinda scary to think their stuff may be being added to trusted sets on your computer eh? If you’re not scared yet, read on…

Recently David Pashley had a play with CACert and discovered that it was possible to get one’s PGP/GPG key signed by them while providing them with no conclusive proof that you own the name you claim on the key and with only tenuous demonstrations of owning the email address also.

If I were a malicious third-party I could create keys with email addresses I don’t own (but could intercept), names that were not my own, get them signed by CACert and theoretically obtain some level of trust by doing this.

Fortunately those of us using GPG know better than this and this is why we’re all going to get the CACert Low Security Key and set its trust level to Do NOT trust. The keyid is 9E2BD1F2 and it is a 1024 bit DSA key with a 2048 bit subkey. The subkey is set to expire in 2033 on the 28th July. Kinda pointless eh?

The following is a copy of an IRC conversation between David (JD) and evilbuny (the alleged chief of CACert):

22:22:40 < evilbuny> JD a gpg key signing key was implemented a long time ago, but since very few (relative to the total user base) has assurance points we had to implement a low security (or minimum trust) version as well
22:24:32 < JD> evilbuny: but the low security key is worthless, if not less secure than not signing the key
22:29:24 < evilbuny> JD: it’s what people wanted, they all knew at the time that is the case…
22:30:06 < evilbuny> we are a request driven organisation, if enough people want something and it’s semi-sane suggestion we tend to implement it
22:30:33 < JD> evilbuny: but signing a key without seeing any ID is not even semi sane
22:31:21 < apropos> I have to disagree
22:31:54 < evilbuny> erm we called it a low trust key for a reason
22:32:01 < evilbuny> we issue smime certs without seeing ID as well
22:33:29 < evilbuny> but they’re marked accordingly as well

Unless someone can think of a very very good reason not to; I urge you all to make sure there’s nothing on your systems implicitly trusting until they clarify their signing practices and demonstrate them to be sound.

Comments on this page are closed.