Why hashed User IDs is not the solution to User ID enumeration

Werner Koch wk at gnupg.org
Sat Jan 28 12:19:18 CET 2012


On Sat, 28 Jan 2012 02:52, JPClizbe at tx.rr.com said:

> Having keyservers support no-modify requires that they first support crypto.
> That's a really big step.

And a dangerous step.  With keyservers doing crypto, beyond a possible
TLS connection, they will be very low-hanging fruit for DDoS attacks.
With today's cheap botnets it will be very easy to flood the keyservers
with requests to add new user ids or signatures.  Even if they queue the
requests they will be unresponsive and, worse, it will not be possible to
upload legitimate key updates (e.g. revocations).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



