recommendation for key servers
wk at gnupg.org
Wed Jun 30 19:45:29 CEST 2021
On Wed, 30 Jun 2021 12:18, Justus Winter said:
> I fear that the mechanism has not been very well designed. In short, I
> believe it is not complete, not functional, and dangerous:
Find below a copy of Justus' comment
teythoon commented 8 hours ago
I have grave concerns regarding the authenticated key replacement
mechanism as proposed by HIP-1 and implemented in current hockeypuck
versions. I believe it to be not complete, not functional, and
First, because it uses OpenPGP's detached signature mechanism, it
requires a signing-capable (sub)key. Therefore, the mechanism fails to
protect OpenPGP certificates without signing-capable (sub)key. The
solution is not complete.
Second, after a key has been replaced with a clean version, presumably
to get rid of a flood of certifications, an attacker can simply re-add
the certifications. The replacement mechanism does not assure
sovereignty, only a momentarily relief. Therefore, the solution is not
I haven't looked into how gossiping plays into that, but if gossiping
uses the same policy as updates using hkp, then gossiping will also
re-add any third party certifications.
Third, the pair of keytext and keysig are a capability to reset the copy
of the certificate on the server to keytext. If a malicious party ever
gets hold of such a pair, then they have the ability to remove updates
from the certificate stored on the server. Undoing an update that
extends the validity period of a certificate leads to an DoS because the
certificate can no longer be used (e.g. for encryption). Undoing an
update that revokes a key leads to a certificate being used even though
it shouldn't, compromising authenticity and confidentiality. Therefore,
I conclude that the mechanism is dangerous.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-devel