SKS and GnuPG related issues and possible workarounds
wk at gnupg.org
Wed Jul 3 11:58:15 CEST 2019
On Wed, 3 Jul 2019 05:06, rjh at sixdemonbag.org said:
> As I understand it the current list of targeted keys is myself, dkg,
> Werner, Patrick, and Kristian. It is clear the attacker's goal is to
I am not yet affected except for these few thousand old xmas fun
> Werner will no doubt be updating GpgOL as well.
I am sorting out some other bugs and hope to get a release out next
week. I tend to make
the default to avoid importing possible crap from the keyservers.
no-self-sigs-only should allow reverting for those who still want to
receive updates from the anyway overloaded keyservers. A command to
clean affected keys would also be useful but it might be better to get a
new release out early than to implement a feature which needs quite some
time taking testing. (https://dev.gnupg.org/T4591)
What we can also do is to remove the default keyserver feature we
introduced with 2.2. This means that anyone who wants to use a
keyserver needs to pick one and not rely on defaults.
The other thing I have in mind to actually add to 2.2 is to re-purpose
--search-keys to update from WKD or DANE instead looking up at the
> of OpenPGP is to verify package signatures; for the small fraction that
> use it for email, Enigmail is the most dominant choice, with GpgOL a
Frankly, I doubt that given the many users of Gpg4win compared to those
of Linux desktops. But this is a different topic.
> The real damage is going to be to people's workflows. A whole lot of
> people are going to be impacted by these fixes and we can expect to need
Actually not being able to fetch a key from the keyservers can improve
security or at least avoid problems sending mails encrypted to the wrong
key. (see my comment above on --search-keys).
Why can't we have such problems at times when it is cold and rainy and
you can anyway only sit at your desk ;-).
Thoughts are free. Exceptions are regulated by a federal law.