On Sat, 17 Oct 2015 15:31:22 +0100 Antoine Amarilli <a...@a3nm.net> wrote: > Package: gnupg > Version: 1.4.19-5 > Severity: wishlist > > Dear Maintainer, > > By default, gpg requests keys using HKP server <keys.gnupg.net>. This allows a > passive attacker to obtain information about the keys requested by the user, > which may be harmful in terms of privacy. And HKP server requested to verify .sign file downloaded from cdimage.debian.org. Let's assume active attack like this: Step 1) You try download iso file from cdimage.debian.org, but man in middle redirect you to very.evil.org server. Step 2) You download files from very.evil.org, compare hash to SHA256SUMS file, and check SHA256SUMS file through "gpg --verify SHA256SUMS.sign". Then, you see some like "Signature made Wed 11 Nov 2015 20:08:10 GMT using DSA key ID 12345678 Can't check signature: public key not found". Step 3) You run "gpg --recv 12345678"... And yes, man in middle redirected you to keyserver.very.evil.org with false public key. Step 4) You run "gpg --verify SHA256SUMS.sign" one more time... And see "Good signature from evil hacker", because you get false signature with false public key. And this is very big hole in security.
