psi-im
OpenPGP support assigns contact public key ID from untrusted source
Current implementation assigns public key ID received from untrusted source - from XMPP server. This option is enabled by default. Automatic key assignment happens only if contact has no key assigned already. Also, assignment happens only if public key is present in GPG keyring and status signature verification succeeded.
However, it creates good soil for key spoofing initiated by server if following conditions met:
- Victim has attacker's key in GPG keyring (even if without trust: [1], [2]).
- Victim didn't assigned key yet and didn't paid attention
In this case unidirectional MITM attack may take place. Note that Psi doesn't allow to verify which key is currently selected for contact.
Probably, more interesting case can be achieved in conjunction with JID address mimicking. Upon next time client loads roster from server on startup, server may kick some contact from roster and add a similarly looking one. For example for my JID [email protected] it can be yаrmа[email protected]. Latin "a" replaced with cyrillic "а". Effectively it cancels requirement (2). Key gets assigned from presence, everything is ready to go.
This option has to be removed completely in order to be serious about end-to-end encryption.
