Duplicated User IDs arisen

David Shaw dshaw at jabberwocky.com
Mon Jun 21 14:25:28 CEST 2004

On Mon, Jun 21, 2004 at 01:26:22PM +0200, Werner Koch wrote:
> On Wed, 16 Jun 2004 23:04:02 -0400, David Shaw said:
> > distribution channel does not have to be secure.  Who cares if a
> > keyserver is hacked up one side and down the other?  Unless it is
> We use keyservers also for revocations.  A cracked keyserver might
> ignore revocations for certain keys and thus gives the attacker a way
> continuing the use of a compromised key.

But there is a crucial difference between a secure distribution
channel and a reliable distribution channel.  An attacker cannot
falsely revoke a key - the best he can do is try to prevent a
revocation from being distributed.

This is similar to a denial of service where the attacker tries to
prevent a user from getting a key in the first place, in hopes they
will send a message unencrypted.


More information about the Gnupg-users mailing list