recommendation for key servers

Werner Koch wk at
Wed Jun 30 19:45:29 CEST 2021

On Wed, 30 Jun 2021 12:18, Justus Winter said:

> I fear that the mechanism has not been very well designed.  In short, I
> believe it is not complete, not functional, and dangerous:

Find below a copy of Justus' comment



teythoon commented 8 hours ago

I have grave concerns regarding the authenticated key replacement
mechanism as proposed by HIP-1 and implemented in current hockeypuck
versions. I believe it to be not complete, not functional, and

First, because it uses OpenPGP's detached signature mechanism, it
requires a signing-capable (sub)key. Therefore, the mechanism fails to
protect OpenPGP certificates without signing-capable (sub)key. The
solution is not complete.

Second, after a key has been replaced with a clean version, presumably
to get rid of a flood of certifications, an attacker can simply re-add
the certifications. The replacement mechanism does not assure
sovereignty, only a momentarily relief. Therefore, the solution is not

I haven't looked into how gossiping plays into that, but if gossiping
uses the same policy as updates using hkp, then gossiping will also
re-add any third party certifications.

Third, the pair of keytext and keysig are a capability to reset the copy
of the certificate on the server to keytext. If a malicious party ever
gets hold of such a pair, then they have the ability to remove updates
from the certificate stored on the server. Undoing an update that
extends the validity period of a certificate leads to an DoS because the
certificate can no longer be used (e.g. for encryption). Undoing an
update that revokes a key leads to a certificate being used even though
it shouldn't, compromising authenticity and confidentiality. Therefore,
I conclude that the mechanism is dangerous.

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list