psusi at ubuntu.com
Wed Jan 17 15:38:45 CET 2018
On 1/15/2018 3:00 PM, Robert J. Hansen wrote:
> It's from 2003. It doesn't need modernization.
>
> Keyservers are designed the way they are for a reason. If keyservers
> *never ever discard or modify existing data*, then you can easily
> identify any code which theoretically might be able to discard data as a
> bug, a vulnerability, or tampering with it by a malicious actor. It
> makes code review easier and it makes it difficult for repressive
> regimes to surreptitiously take down certificates belonging to dissidents.
>
> This "we never discard or modify existing data, we only ever add new
> data" rule has some *really really nice* properties for information
> security. However, it also comes with a downside: we can't discard or
> modify existing data.
>
> It's a package deal. When SKS was being built in the early 2000s there
> were vigorous discussions about what properties we wanted in a
> keyserver. We knew exactly what we were getting into.
If data can't be deleted, and it isn't even verified by the server when
it is added, then can't someone DoS my key, or possibly the entire
network, by appending infinite garbage to it?
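The two properties discussed above (merge is "only ever add", and nothing is checked before it is added) can be modelled in a few lines. The following is an added illustration written for this page, not SKS code: certificates are reduced to sets of opaque packets, "merge" is set union, the fingerprint and packet payloads are placeholder values, and `reconcile` is a deliberately simplified stand-in for two servers gossiping until both hold the union. It shows the upside (the legitimate packets can never be lost) and the cost the question points at (a third party can attach as many unverifiable packets as it likes, and one gossip round carries them to every server).

```python
# Toy model of an append-only, no-verification keyserver (constructed example,
# not SKS's own code). A certificate is a set of packets; merging is set union,
# so stored data is never removed or modified, and any submitter can add to it.
from __future__ import annotations
from dataclasses import dataclass
import os


@dataclass(frozen=True)
class Packet:
    """One OpenPGP-style packet, reduced to a kind tag and an opaque payload."""
    kind: str
    payload: bytes


class AppendOnlyKeyStore:
    """Certificates keyed by fingerprint. There is no delete operation at all."""

    def __init__(self) -> None:
        self._certs: dict[str, frozenset[Packet]] = {}

    def merge(self, fingerprint: str, packets) -> frozenset[Packet]:
        """Union the submitted packets into the stored certificate.

        Nothing is checked before acceptance: this is the 'not verified by the
        server when it is added' property from the thread.
        """
        before = self._certs.get(fingerprint, frozenset())
        after = before | frozenset(packets)
        assert before <= after, "append-only invariant violated"
        self._certs[fingerprint] = after
        return after

    def get(self, fingerprint: str) -> frozenset[Packet]:
        return self._certs.get(fingerprint, frozenset())

    def stored_bytes(self, fingerprint: str) -> int:
        return sum(len(p.payload) for p in self.get(fingerprint))

    def fingerprints(self):
        return self._certs.keys()


def reconcile(a: AppendOnlyKeyStore, b: AppendOnlyKeyStore) -> None:
    """One gossip step: afterwards both servers hold the union of every cert.

    Simplified stand-in for keyserver reconciliation; it models why data added
    to one server spreads to all of them and cannot be retracted afterwards.
    """
    for fp in set(a.fingerprints()) | set(b.fingerprints()):
        union = a.get(fp) | b.get(fp)
        a.merge(fp, union)
        b.merge(fp, union)


def legitimate_cert() -> tuple[str, frozenset[Packet]]:
    """Constructed sample certificate: placeholder bytes, not real key material."""
    fp = "0123456789ABCDEF0123456789ABCDEF01234567"  # hypothetical fingerprint
    packets = frozenset({
        Packet("pubkey", b"public-key-material"),
        Packet("uid", b"Alice <alice@example.org>"),
        Packet("sig", b"self-signature"),
    })
    return fp, packets


def flood(store: AppendOnlyKeyStore, fingerprint: str,
          count: int, payload_size: int = 64) -> int:
    """A third party attaches `count` random, unverifiable 'signature' packets.

    Every distinct packet sticks, because merge never discards anything.
    Returns the number of packets stored for the fingerprint afterwards.
    """
    garbage = (Packet("sig", os.urandom(payload_size)) for _ in range(count))
    return len(store.merge(fingerprint, garbage))


def demo(count: int = 1000, payload_size: int = 64) -> dict:
    """Legit upload, then a flood against one server, then one gossip round."""
    fp, legit = legitimate_cert()
    server_a, server_b = AppendOnlyKeyStore(), AppendOnlyKeyStore()
    server_a.merge(fp, legit)
    reconcile(server_a, server_b)
    bytes_before = server_a.stored_bytes(fp)

    flood(server_b, fp, count, payload_size)  # attacker talks to one server only
    reconcile(server_a, server_b)             # gossip carries it to the other

    return {
        "legit_intact": legit <= server_a.get(fp),  # the upside: nothing lost
        "packets_a": len(server_a.get(fp)),
        "packets_b": len(server_b.get(fp)),
        "bytes_before": bytes_before,
        "bytes_after": server_a.stored_bytes(fp),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three legitimate packets still present on both servers after the flood, alongside every garbage packet; growth is linear in what the submitter sends, and the only knob the model has is the absence of a removal operation, which is exactly the design choice the quoted message describes.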