Keyserver/security bug 1447 (and 1446 too)

Werner Koch wk at
Mon Dec 3 11:04:37 CET 2012

On Mon,  3 Dec 2012 04:55, gnupg-devel at said:

>> saying. GnuPG does a SRV lookup for hkps under (for example)
>>, and resolves to
>>  It then makes a https call to
>> that host, but is using as the SNI,
>> as that matches the host name. You are arguing that it should have
>> used as the SNI?
> Correct.  That's the only verifiably trustworthy name available.  All
> other names could have been tampered with, without detection (unless

I have some more questions:

What root CA is to be used?  One of the usual PKIX ones or a dedicated
for the pool or all keyservers?  If the latter, who is in charge of
creating the certificates?

Do you demand the servers should use a certificate issued by the pool
operators (e.g. as Sub CA)?  Or shall they merely use the pool name as
an alternative server name?

Why do do you think the pool's name is more trustworthy than the
individual server name?  We are still talking about round-robin DNS,

> Sorry to have been the bearer of bad news about the size of the can of
> worms you opened when adding SRV support.

The problem is more that you want to use PKIX for a system which was not
designed for it.



It is a pitty that the keyserver-folks list is dead or that the
SKS(?) operators don't discuss infrastructure topics on a

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list