Vulnerability Development mailing list archives
Re: Keyservers Cross Site Scripting (When CSS Gets Dangerous)
From: Len Sassaman <rabbi () quickie net>
Date: Tue, 23 Apr 2002 23:26:32 -0700 (PDT)
On Sat, 20 Apr 2002, Noam Rathaus wrote:

> A security vulnerability in the way the server returns results of key queries allows attackers to insert malicious code into existing replies. This is of particular danger when it comes to keyservers, since the key information itself is usually considered as highly trustworthy.

While I'm not attempting to discount the fact that this is a serious flaw in OKS, and that the lack of vendor action is disturbing, I do have to point out that the above claim is, in fact, incorrect.

Key information on key servers is usually considered highly *untrustworthy.* Key servers are public repositories that exist to make the sharing of public keys easier. A key's existence on a key server does not imply it is trustworthy.

There is, first of all, no method in most key servers for authenticating that a given key belongs to the person whose name or email address it bears. Additionally, issues like the 0xDEADBEEF attack, the fact that unauthorized user-ids can be munged onto a legitimate key without the owner's permission, etc., make it *essential* that a user not trust the key servers.

Direct fingerprint verification and web of trust analysis are key. Key servers are central points for collating signatures to help propagate the web of trust. If you fail to realize this, or how the web of trust works, PGP will provide you with very little security.

--Len.
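The direct fingerprint check the reply recommends, as an added example that is not part of the original message: it computes the fingerprint of a key fetched from a key server and accepts it only against a full fingerprint obtained out of band. It assumes an OpenPGP version 4 key (fingerprint as defined in RFC 4880, section 12.2); the function names are hypothetical and the sample packet is constructed, not a real key.

```python
import hashlib
import struct

def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample, not a real key: v4 public-key packet body
# (version, creation time, algorithm 1 = RSA, modulus, exponent).
SAMPLE_BODY = (b"\x04" + struct.pack(">I", 1019600000) + b"\x01"
               + mpi(0xC0FFEE0123456789ABCDEF0123456789) + mpi(65537))

def v4_fingerprint(body):
    """SHA-1 over 0x99, a 2-byte big-endian length, and the packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def key_ids(fingerprint):
    """Long and short key IDs are only the last 64 and 32 bits of the fingerprint."""
    return fingerprint[-16:], fingerprint[-8:]

def verify_fetched_key(body, expected):
    """Accept a key from a key server only if it matches a full fingerprint
    obtained out of band; refuse anything shorter than 160 bits."""
    want = expected.upper().replace(" ", "")
    if want.startswith("0X"):
        want = want[2:]
    if len(want) != 40 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return v4_fingerprint(body) == want

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint:", fp, "key IDs:", key_ids(fp))
    print("full fingerprint accepted:", verify_fetched_key(SAMPLE_BODY, fp))
```

The fingerprint covers only the public-key packet, so a match says nothing about the user IDs attached to the key; those still have to be judged through their signatures.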