Garbled data in keyservers
Werner Koch
wk at gnupg.org
Thu Dec 6 09:03:32 CET 2018
On Wed, 5 Dec 2018 19:56, stefan.claas at posteo.de said:

> Well, my understanding would be that at least one (search) criterion
> would be needed to fetch a key, right? And if so I could also imagine

Right, the fingerprint. And maybe the long keyid for a transitional
period because not all software already includes the fingerprint in the
signature.

> that this one criterion could be abused as well, in form of a given
> link to that resource, as long as it can be fetched via the web.

Being able to search for a fingerprint does not allow you to search for
the latest blockbuster movie to get a torrent link. Thus there is no
incentive to use the keyservers as an index and running a keyserver will
be safer for most operators.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.