Modified user ids and key servers and a possible security risk?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Aug 25 20:37:08 CEST 2010
On 08/25/2010 01:19 PM, Robert J. Hansen wrote:
> On 8/25/10 12:58 PM, Daniel Kahn Gillmor wrote:
>> keyservers do no cryptographic verification whatsoever. I think this is
>> (historically) for several reasons:
>
> [good reasons 0-3 skipped]
>
> 4) Asymmetric cryptography is computationally expensive. I would not
> want to think about the CPU load of a keyserver that did verification of
> every new certificate, user id, user attribute, etc., etc.
Keyervers receive relatively few new certifications each day, certainly
a small fraction of the number of requests they emit.
Compared to offering hkps service (HKP-over-TLS on port 443), i doubt
we'd notice a big computational cost differential, but i have no
quantitative data on that.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100825/a7fe60c8/attachment.pgp>
More information about the Gnupg-users
mailing list