[PATCH] ship sks-keyservers.netCA.pem in distributed tarball
Christoph Anton Mitterer
calestyo at scientia.net
Thu Dec 10 00:33:48 CET 2015
On Wed, 2015-12-09 at 18:21 -0500, Daniel Kahn Gillmor wrote:
> A) do you want your keyserver pushes and fetches to be visible to
> everyone along the network path or whether you want them to be
> limited to whichever keyserver operator you end up choosing?
>
> B) do you want your traffic to the keyserver (and its responses to
> you)
> to be undetectably modified by anyone along the network path, or
> do
> you want the tampering to be limited to the set of keyserver
> operators?
Both, however, don't protect against any attacker simply setting up a
keyserver and directly trying to get privacy related information or
mangle around with the data.
> This is very far from a complete security guarantee. But it is
> substantially better than cleartext over the public Internet.
Agreed, but as I've said... we shouldn't make ourself believe that this
makes things really secure... (or even trustworthy).
> Please don't make it harder to make some progress even though it's
> clear
> that we all share the goal to eventually provide an even stronger
> guarantee.
I don't think I've said or did anything that made it harder... just
that this alone isn't enough.
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: </pipermail/attachments/20151210/e4012bb4/attachment-0001.bin>
More information about the Gnupg-devel
mailing list