From 46a0429b4dcb907e27dc68bee18779c4b12e6155 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 28 Nov 2023 18:10:09 +0100 Subject: [PATCH] ch4: metadata leak --- book/source/04-certificates.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 70e7b5b..7d36807 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -533,6 +533,7 @@ Note that regardless of the OpenPGP version, software that relies on 8-byte Key The historical 4-byte "short Key IDs" format should not be used anywhere, anymore (finding collisions in a 32-bit keyspace has been [trivial for a long time](https://evil32.com/)). +(email-lookup)= #### Looking up certificates by email Searching OpenPGP certificates by email is a use case that often arises. For example, when composing an email to a new contact, the sender may want to find the OpenPGP certificate for that contact. @@ -564,11 +565,20 @@ After the update, the updated copy of the certificate will usually have a fresh ### Metadata leak of Social Graph -Third-party certifications, which are signatures made by other certificates, over identity components, form a back-bone of OpenPGP trust-model called the Web of Trust. The name stems from the fact that the collection of certifications forms a unidirectional graph resembling a web. Each edge of graph connects the signing certificate to the identity component associated with another certificate. +Third-party certifications are signatures over identity components made by other certificates. -OpenPGP software can inspect that graph, and coupled with trust data and a trust anchor (which usually is the certificate holder's own key), can infer whether the target certificate is genuine. +These certifications form the back-bone of the OpenPGP trust-model called the Web of Trust. The name stems from the fact that the collection of certifications forms a unidirectional graph resembling a web. Each edge of the graph connects the signing certificate to the identity component associated with another certificate. -Third-party certifications are published as part of the target certificate to facilitate the process of certificate authentication. Unfortunately, as a side effect of this approach, it's feasible to reconstruct the entire social graph of all people issuing certifications. The certification's signature creation time can be used to deduct whether the certificate owner attended a Key Signing Party (and if it was public, where it was held) and whom they interacted with. +OpenPGP software can inspect that graph. Based on the certification data in the graph and a set of trust anchors, it can infer whether a target certificate is legitimate. + +The trust anchor is usually the certificate holder's own key, but a user may designate additional certificates of organizations they are connected to as trust anchors. + +Third-party certifications can be published as part of the target certificate to facilitate the process of certificate authentication. Unfortunately, a side effect of this approach is that it's feasible to reconstruct the entire social graph of all people issuing certifications. In addition, the signature creation time of certifications can be used to deduce whether the certificate owner attended a Key Signing Party (and if it was public, where it was held) and whom they interacted with. + +So, there is some tension between the goals of + +- a decentralized system where every participant can access certification information and perform analysis on it locally, +- privacy related goals (also [see above](email-lookup), in the comparison of email-based certificate lookup mechanisms, which also touches on this theme). (unbound_user_ids)= ### Adding unbound User IDs to a certificate