dshaw at jabberwocky.com
Mon Jul 26 19:32:34 CEST 2004
On Mon, Jul 26, 2004 at 01:20:26PM -0400, Atom 'Smasher' wrote:
> is this considered an attack:
> mallory generates a few thousand (or more) keys and signs bob's
> key with all of them (maybe spoofing different dates). mallory posts bob's
> signed key to a keyserver, where these signatures will spread and become a
> burden, not an asset, to bob's key.
> mallory could also create keys with UIDs of infamous persons, and post
> those public keys to the keyservers, giving the *impression* that bob's
> key was signed by mass murderers, rapists, war criminals, etc.
It's not a really useful attack since it does not actually impact the
security of the system. It's more of an prank. It happened quite a
bit back in the PGP 2 days (check out some of the sigs on prz's key),
but then people got bored with it since it doesn't actually do
> of course the way to avoid this (and similar nuisances) is to require that
> certification signatures (0x10 - 0x13) must be accepted by bob's primary
> key before they are accepted by OpenPGP implementations (especially
> keyservers). however, bob must be able to import such a key signature
> before it's accepted, or he will have no way to accept it.
> and, of course, if bob accepts a certification signature from alice, alice
> must be able to revoke that signature without requiring acceptance from
> is it feasible (or desired) to add such a mechanism to the OpenPGP
Already in there. That's what the keyserver no-modify flag is for.
No keyserver currently follows it though.
More information about the Gnupg-devel