Stop-gap for signature flooded keys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 1 19:13:37 CEST 2019
On Mon 2019-07-01 18:57:03 +0200, Werner Koch via Gnupg-devel wrote:
> into gpg.conf to skip all key-signatures at an early import stage. This
> will go into 2.2.17. We track this problem at https://dev.gnupg.org/T4591

Thanks for taking the time to work on this, Werner. I don't think this
is an appropriate fix, though.

As I've commented on T4591,

If I am going to tell anyone "hey, do this weird thing differently in
order to fetch my key", I will tell them "pull it from
https://dkg.fifthhorseman.net/dkg-openpgp.key". I will never tell
anyone to use import-self-sigs-only.

Not only that, but the current implementation of import-self-sigs-only
also does not appear to be robust against a malicious certificate
flood given SKS's lack of cryptographic validation. Adding a new
option to an already-crowded space is not the right solution. The
right solution is for gpg to be more defensive about the OpenPGP
packets it receives, regardless of who it receives them from.

Regards,
--dkg