Pgp-signed bugs and bug comments should show that the signature belongs to the person who signed it.

Asked by Sami Haahtinen on 2006-01-14

It would be nice if the bugs (and comments) with PGP signatures would be checked and verified to be from certain persons (assuming that the person has attached the PGP key to their profile). This would eliminate mail fraud and add an extra check for the origin of the bug.

See also bug 161822, about stripping OpenPGP signatures.

Question information

Language:
English Edit question
Status:
Answered
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Last query:
2006-01-14
Last reply:
2009-08-24
Brad Bollenbach (bradb) said : #1

On 14-Jan-06, at 4:37 AM, Sami Haahtinen wrote:

> Public bug reported:
> https://launchpad.net/malone/bugs/28525
>
> Affects: malone (upstream)
> Severity: Normal
> Priority: (none set)
> Status: Unconfirmed
>
> Description:
> With the use of the mail interface, PGP signatures will eventually
> grow
> more popular (they keep popping up already):
> https://launchpad.net/malone/distros/ubuntu?field.searchtext=BEGIN
> +PGP+SIGNED+MESSAGE
>
> It would be nice if the bugs (and comments) with PGP signatures
> would be
> checked and verified to be from certain persons (assuming that the
> person has attached the PGP key to their profile). This would
> eliminate
> mail fraud and add an extra check for the origin of the bug.

Malone requires GPG-signed mail for filing and modifying bugs. GPG
signing Malone mail is optional for commenting.

You can read more about the email interface at:

   <https://wiki.launchpad.canonical.com/MaloneEmailInterfaceUserDoc>

Does that help?

Cheers,

--
Brad Bollenbach

Björn Tillenius (bjornt) said : #2

On Mon, Feb 06, 2006 at 02:45:05PM -0000, Brad Bollenbach wrote:
> Malone requires GPG-signed mail for filing and modifying bugs. GPG
> signing Malone mail is optional for commenting.
>
> You can read more about the email interface at:
>
> <https://wiki.launchpad.canonical.com/MaloneEmailInterfaceUserDoc>
>
> Does that help?

I think what the reporter wants is that we display in the UI, whether
the key used to sign the message verifies properly and belongs to the
user. I think that's a good idea, since it gives people a chance to
prove their identify when commenting via the email interface. I don't
know what the UI should look like, though, since we'd have at least
three different cases; comment added via the web UI, comment added via
unsigned email, and comment added via signed email. Actually, there's
one more case, comment added via signed email, but key isn't associated
with the person.

Sami Haahtinen (ressu) said : #3

Björn Tillenius wrote:
> I think what the reporter wants is that we display in the UI, whether
> the key used to sign the message verifies properly and belongs to the
> user.

This is exactly what i meant, i should have been more precise though.

> I think that's a good idea, since it gives people a chance to
> prove their identify when commenting via the email interface. I don't
> know what the UI should look like, though, since we'd have at least
> three different cases; comment added via the web UI, comment added via
> unsigned email, and comment added via signed email. Actually, there's
> one more case, comment added via signed email, but key isn't associated
> with the person.

The way i picture the interface would be something like the signed part
wrapped in a <div/> element and then the comment would either be wrapped
in red or green border and a small text telling that the bit is signed
and verified or broken. Normal, unsigned, comments would not be
signified by anything at all.

This should be elegant enough and doesn't have a major effect on the
interface.

One more consideration should be that there can be messages (or
comments) that are just partially signed.

- S

Brad Bollenbach (bradb) said : #4

On 6-Feb-06, at 2:09 PM, Sami Haahtinen wrote:

> Public bug report changed:
> https://launchpad.net/malone/bugs/28525
>
> Comment:
> Björn Tillenius wrote:
>> I think what the reporter wants is that we display in the UI, whether
>> the key used to sign the message verifies properly and belongs to the
>> user.
>
> This is exactly what i meant, i should have been more precise though.

Your suggestion does sound interesting, though I would suggest that
we pursue this further only if we have evidence that demonstrates
this will solve an existing problem.

Can you point me to some examples that demonstrate why this is needed?

Cheers,

--
Brad Bollenbach

Sami Haahtinen (ressu) said : #5

Brad Bollenbach wrote:
>> Björn Tillenius wrote:
>>> I think what the reporter wants is that we display in the UI, whether
>>> the key used to sign the message verifies properly and belongs to the
>>> user.
>> This is exactly what i meant, i should have been more precise though.
>
> Your suggestion does sound interesting, though I would suggest that
> we pursue this further only if we have evidence that demonstrates
> this will solve an existing problem.
>
> Can you point me to some examples that demonstrate why this is needed?

One good and always valid example is forging the sender address. Also
this would bring certain degree of trust to fixes and such within comments.

Another example why this is needed is that one can't cut and paste the
current message to verify the signature, because the formatting done to
the message breaks the signature.

The second case could also be fixed by stripping the signatures too, but
i don't think that would serve any purpose.

- S

rookie_noob (trueasiaticrick) said : #6

There seems to be a problem with the fingerprint you submitted. You can get your gpg fingerprint by opening a terminal and typing:

    gpg --fingerprint

Please try again.

and then i tried it again, its still not accepting my signature;

root@loneman-desktop:~# gpg --fingerprint
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created

rookie_noob (trueasiaticrick) said : #7

keyring `/root/.gnupg/pubring.gpg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
 which of this line is the right one to copy and paste?

rookie_noob (trueasiaticrick) said : #8

hello there,
i tried to sign the conduct with the newest version 1.0.1 still not importing my thingy...
thanks!!

Can you help with this problem?

Provide an answer of your own, or ask Sami Haahtinen for more information if necessary.

To post a message you must log in.