was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Aug 13 20:26:49 CEST 2019

On 8/13/2019 at 7:59 AM, "Kristian Fiskerstrand" <kristian.fiskerstrand at sumptuouscapital.com> wrote:

>As you correctly point out its really not that relevant for 
>subkeys. It does have security implementations for signing 
>subkeys; see
>[cross-certification section] for some details on that.
>[cross-certification section]

GnuPG has been requiring cross-certification for a very long time, 
which would mean that an attacker who attaches a person's listed subkey to a different masterkey, 
would still not be able to do anything with it, because the attacker can't make it cross-certify.

Being simplistically naive here,
How difficult would it be to get keyservers to agree that only the key owners can submit new signatures to their own keys?
(i.e., The owner's detached signature of the public keyblock having the new signature, required together with any submitted key with a new signature.) 

A Denial-of Service attack will still always be possible against a keyserver, 
since it is easy for an attacker to generate a large volume of legitimate keys, with only a self-signature, 
and upload them to the keyserver,
but at least then, no individual key by a real user, could be attacked.


More information about the Gnupg-users mailing list