Key poisoning
Robert J. Hansen
rjh at sixdemonbag.org
Thu Aug 15 08:50:14 CEST 2019
> If the keyserver implemented a signer blacklist, (which would scrub the
> blacklisted signature from any current or incoming public keys), what
> consequences am I missing?
Someone already chimed in about how this is "enumerating badness", which
runs counter to best practices in security.
Additionally, the bad guys can create new malicious certificates faster
than the keyserver network can blacklist.
More information about the Gnupg-users
mailing list