GPG beginner: how to decide if I trust sks-keyservers.net

3

I am reading the GPG pre-pre-tutorial at https://riseup.net/de/security/message-security/openpgp/best-practices . Upon clicking on a link to a .pem file at sks-keyservers.net in Firefox, a window opens asking me if I want to trust this as a new Certificate Authority.

Q1: The window which lets me inspect the certificate for this CA displays:

Could not verify this certificate because the issuer is unknown.

Can we say "of course" as there is - in fact should be - no one else in a higher hierarchy level than a CA? Or do I have the wrong mental model of the certification as a pyramid with only one central authority?

Q2: How do I proceed when in doubt? IMO sks-keyserver.net looks like the very mother of the GPG trust network - why isn't that one preinstalled in Mozilla?

Q3: Is there only always one CA active when using GPG? Do I need to switch manually?

Vroomfondel

Posted 2019-08-18T20:16:50.843

Reputation: 143

Answers

2

Can we say "of course" as there is - in fact should be - no one else in a higher hierarchy level than a CA?

No, of course not. If that were the only issue, Firefox wouldn't even ask – the certificate already says it's a CA. Instead, what it's asking you about is:

  1. Do you trust this specific CA to be a CA? Anyone can make their own certification authority – this doesn't mean they'll do a good job at it. (Many large and 'trusted' CAs have gone bad.) Do you trust the SKS pool operator to not issue false certs, and to protect the CA key from being stolen?

  2. Are you sure you got the correct certificate for this CA? Anyone can make their own certificate with any name on it – if you're about to mark it as trusted, you'd better be sure it's the real "SKS CA" and not a cheap knockoff "SKS CA", as they might look identical except for the 'fingerprint' value. You have to verify this because indeed there is no higher CA that would verify a root CA.

(Basically, you're getting this dialog box because as far as your system cares, you are in a higher hierarchy level than all CAs.)

Or do I have the wrong mental model of the certification as a pyramid with only one central authority

That was the original model to be used for S/MIME (and later HTTPS) in the 1990s, with RSADSI as the central authority. However, the monopoly didn't last long – eventually it became a list of several competing certification authorities. (Now it's known as the "WebPKI" system and has several dozen CAs not counting resellers.)

More importantly, it's the complete opposite of PGP. There are no central authorities for PGP keys – it was originally meant to be a "web of trust". The CA you're about to install plays no role in PGP key verification.

Instead, you start by verifying some PGP keys yourself (e.g. of your friends), and can mark those people as authorities. There is no pre-defined list of CAs who would verify everyone.

IMO sks-keyserver.net looks like the very mother of the GPG trust network - why isn't that one preinstalled in Mozilla?

For one, as just mentioned above, the SKS CA has nothing to do with the PGP trust network whatsoever. It doesn't issue certificates to people – only to keyservers. So it's only used for privately communicating with the keyservers over HTTPS, but whether you even use HTTPS for it or not doesn't really affect PGP.

And Mozilla doesn't deal with the PGP trust network in any way. HTTPS (TLS) as used by public website is entirely separate – it uses the "WebPKI" trust network.

The SKS pool's operator decided to run their own CA rather than relying on WebPKI CAs, which I suppose is partly due to distrust of the CA system in general, and partly because the pool operates in a way that makes using commercial CAs difficult (every pool server uses a single certificate with two domain names on it).

Because the SKS CA was built for a special purpose and does not issue certificates for the general public, it wouldn't be suitable for Mozilla's trust list anyway.

All of the above leads to the last point: You're not actually meant to install this certificate into a web browser, nor actually access the keyservers through a browser. Sure, you can do that as most of them offer a web interface, but the keyservers are primarily meant to be used by GnuPG itself – you're supposed to download that .crt file and configure it in GnuPG.

This actually limits how much you need to "trust" it – since it doesn't have to be installed on your web browser, that means it cannot affect your daily browsing in any way; it can only affect GnuPG software.

(And the SKS CA actually comes preinstalled and preconfigured with all latest GnuPG versions. Whatever tutorial you're reading is quite out of date.)

Q3: Is there only always one CA active when using GPG? Do I need to switch manually?

PGP doesn't use any X.509 CAs at all for its core functionality. (The only purpose of the SKS CA is for communicating with the keyservers privately.) PGP keys are verified by other PGP keys so it allows multiple "CAs" by design.

For keyserver HTTPS communication, GnuPG supports multiple CAs, they all just need to be in the same file. But you won't need to change them until you change the keyserver address itself.

Web browsers already use multiple CAs for HTTPS.

user1686

Posted 2019-08-18T20:16:50.843

Reputation: 283 655

The situation with SKS keyservers has also changed a bit; using them is now merely "acceptable practice because it's what we've got". Both GnuPG and SKS software are too fragile. – user1686 – 2019-08-18T22:20:43.377

I was in the process of reading into Tails and the installation via web pages leads to the manual that I linked in my question – Vroomfondel – 2019-08-19T15:25:07.530

Asked: 2019-08-18T20:16:50.843

Viewed: 68 times

Active: 2019-08-19T10:20:12.167