Key poisoning

MFPA 2017-r3sgs86x8e-lists-groups at riseup.net
Thu Aug 15 21:50:37 CEST 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 15 August 2019 at 7:07:34 AM, in
<mid:9B2C2E8C-669E-4E0B-95F2-063AE03396A7 at andrewg.com>, Andrew
Gallagher wrote:-

> Also, if thousands of
> separate keys have
> signed another key, making it unusable, how do we
> decide which of
> those thousands of keys are legit and which the bad
> actors?
> Generating lots of keys on modern hardware is not
> difficult.

Does the attacker even keep the same signing keys to use again? Each
key could be dumped after adding its signature to the target key. The
suggested blacklist could soon grow to be a crippling overhead for the
keyserver.

- --
Best regards

MFPA                  <mailto:2017-r3sgs86x8e-lists-groups at riseup.net>

Beware the deadly donkey falling slowly from the sky
-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQSWDIYo1ZL/jN6LsL/g4t7h1sju+gUCXVW3jV8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OTYw
Qzg2MjhENTkyRkY4Q0RFOEJCMEJGRTBFMkRFRTFENkM4RUVGQQAKCRDg4t7h1sju
+p0hAP41O5yaJ515MrR96zg9Q9I10Cuy54lSrIk+ZHZkvROcRwEAwO+sl8WbImDE
MWOPszYYgh55/IKsyL4CMCyVIPP44QaJApMEAQEKAH0WIQRSX6konxd5jbM7JygT
DfUWES/A/wUCXVW3jV8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0NTI1RkE5Mjg5RjE3Nzk4REIzM0IyNzI4MTMw
REY1MTYxMTJGQzBGRgAKCRATDfUWES/A/xtjD/9CrOG0mu655f6EWK69mRlRcclj
J4dXznJ1HFy7WC3pV9/mEhBjgVIvsHGv/IMQzx7oQSm8Q6e+iY7OvK4gp1sRZ5Gt
q8GUVW2L3uzXaGO2XDWOP3JnMwg1VPGLfF6XbV9Kzr02Rg/kcAaeffefYWfSUSJr
P9oBfFut5BeBbEAJE6AZdgBnccRJWOOtd19haHEBnhS4wb2pCUA4J6h1760Tg2Nv
1IrjICnz2w20gLxbUKJkwZGpA5fg5rRVOAjPWGtBqzVCgW11/KhoNg9/5EOjdmau
bOo2PpXj5evSzF7HB715Ivf/Yp7AnJIe8QNvkFa7gHylt1R2WRZ4bmhehHE0UWFD
zs7ga3ynxquYWFe+IM4eOXmwVjdAU/IuxigztPSsyvdB9zg+oL/ADO4TzPd8+aDY
xURX8tTMPVuI8ETfxQFcrVyk5gGcPvqUaE/t/AfnbjbCqacqmUNxdRC9jF7ArNP3
+F6RNorFKaDQj/30pG4nqSX7uHfoq2rOZifSmhIXmHToIVUcKxXKamWeJ3V3xgLg
PVD0Igan1TbuU6L74fUYZAQq1diz3Ab4VaD2QjVfkVKW4Co02tbJDtTEPY5QMuPK
XD3e++TNJVXBsteEI7Vg0M/G3ZM4OSC4PvS953PrnngkQ4LOrHY3D6HiavD+tlbf
c9VUzHfbfULsmlVqpA==
=Gz3/
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list