{"id":841,"date":"2019-01-31T07:00:36","date_gmt":"2019-01-31T06:00:36","guid":{"rendered":"https:\/\/blogs.gentoo.org\/mgorny\/?p=841"},"modified":"2019-01-31T07:00:36","modified_gmt":"2019-01-31T06:00:36","slug":"evolution-uid-trust-extrapolation-attack-on-openpgp-signatures","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/mgorny\/2019\/01\/31\/evolution-uid-trust-extrapolation-attack-on-openpgp-signatures\/","title":{"rendered":"Evolution: UID trust extrapolation attack on OpenPGP signatures"},"content":{"rendered":"<p>This article describes the UI deficiency of Evolution mail client that extrapolates the trust of one of OpenPGP key UIDs into the key itself, and reports it along with the (potentially untrusted) primary UID.  This creates the possibility of tricking the user into trusting a phished mail via adding a forged UID to a key that has a previously trusted UID.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/dev.gentoo.org\/~mgorny\/articles\/evolution-uid-trust-extrapolation.html\">Continue reading<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article describes the UI deficiency of Evolution mail client that extrapolates the trust of one of OpenPGP key UIDs into the key itself, and reports it along with the (potentially untrusted) primary UID. This creates the possibility of tricking the user into trusting a phished mail via adding a forged UID to a key &hellip; <a href=\"https:\/\/blogs.gentoo.org\/mgorny\/2019\/01\/31\/evolution-uid-trust-extrapolation-attack-on-openpgp-signatures\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Evolution: UID trust extrapolation attack on OpenPGP signatures&#8221;<\/span><\/a><\/p>\n","protected":false},"author":137,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/841"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/users\/137"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/comments?post=841"}],"version-history":[{"count":2,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/841\/revisions"}],"predecessor-version":[{"id":843,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/841\/revisions\/843"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/media?parent=841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/categories?post=841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/tags?post=841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}