GPG: auto-key-retrieve should prefer WKD over Keyserver
Closed, ResolvedPublic

Description

I think that I have reported this already but I can't find the issue anymore.

auto-key-retrieve first fetches from the keyserver and tries WKD only as a fallback.

That is bad because we can assert some trust based on the key origin if the key came from WKD. We cannot assert that trust if the key came from a keyserver.

So in GpgOL you would get "Level 2 trust" in a key if you received it through the "locate-key" mechanism but no trust if you received it by verifying a mail.

Having the key from WKD would also help with the auto update mechanism that is based on the key origin.

aheinecke created this task.Jul 1 2019, 9:13 AM
ilf added a subscriber: ilf.Jul 1 2019, 12:02 PM
werner edited projects, added gnupg (gpg22); removed gnupg.
werner moved this task from Backlog to For next release on the gnupg (gpg22) board.Jul 3 2019, 6:14 PM
dkg added a subscriber: dkg.Jul 3 2019, 7:11 PM

auto-key-retrieve happens in the context of signature verification when the certificate is missing. If no signer User ID subpacket is present in the signature, then WKD simply won't work.

If a signer User ID is present, its value may or may not have anything to do with the visible sender of the message.

Assigning "trust"(‽ i think you don't mean the same thing as gpg means for "trust", please use a distinct term) based on the fact that it was fetched via WKD in the context of an arbitrary signature seems pretty risky. What is the user supposed to infer about this certificate, even if it allows validation of the signature?

@dkg I believe @aheinecke gave the GpgOL description just as an example of why WKD-first retrieval would be beneficial (for details of that see https://wiki.gnupg.org/AutomatedEncryption#Trust_Levels) and I believe this ticket is a follow-up to my question on gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2019-June/034372.html

If you see problems with the trust levels in context of GpgOL I think a new, different ticket would be appropriate.

werner closed this task as Resolved.Jul 5 2019, 10:49 AM

Done for master and 2.2.

The order of methods tried to lookup the key is:

  1. If a preferred keyserver is specified in the signature and the option honor-key‐server-url is active (which is not the default), that keyserver is tried. Note that the creator of the signature uses the option --sig-keyserver-url to specify the preferred keyserver for data signatures.
  1. If the signature has the Signer's UID set (e.g. using --sender while creating the signature) a Web Key Directory (WKD) lookup is done. This is the default configuration but can be disabled by removing WKD from the auto-key-locate list or by using the option --disable-signer-uid.
  1. If the option honor-pka-record is active, the legacy PKA method is used.
  1. If any keyserver is configured and the Issuer Fingerprint is part of the signature (since GnuPG 2.1.16), the configured keyservers are tried.