SKS and GnuPG related issues and possible workarounds

Andrew Gallagher andrewg at andrewg.com
Wed Jul 3 17:17:31 CEST 2019


On 03/07/2019 15:59, Stefan Claas via Gnupg-users wrote:
> Now, you awake my interest. You said it is the protocol, so let's
> say when Werner and his hackers have fixed the issue in GnuPG and
> for a protocol you usually have two sides to work with, could that
> not mean then when Werner does x,y,z code in GnuPG that hockeypuck
> must follow x,y,z code in order that the protocol works ... ?!
> 
> Or do SKS key servers dictate how GnuPG's submission / receiving
> protocol must work?

There are several interlocking issues here. Firstly, gnupg locks up when
importing outsized keys. There are things that can be done at the import
stage, and this is what you mention above, but all of them just move
around the consequences of abuse. That's because of the second issue,
which is that the keyservers are abusable. You can fix this by making
keyservers verify the identity of the uploader (as hagrid and keybase
do), but this then makes the SKS reconciliation protocol unviable - so
it is SKS the protocol that has to be changed, not SKS the software.

-- 
Andrew Gallagher
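
An import-stage check of the kind mentioned in the message above, as an added example that is not part of the original message or of GnuPG: it walks the OpenPGP packet headers of a binary key and refuses it before it reaches the keyring. The function names, the two limits and the reading of "outsized" as byte size plus signature-packet count are assumptions; as the message notes, such a check only moves the consequences of keyserver abuse around.

```python
from collections import Counter
SIG, KEY, UID = 2, 6, 13                         # OpenPGP packet tags (RFC 4880)

def walk_packets(data):
    """Yield (tag, body_length) per packet of a binary (unarmored) key."""
    pos = 0
    while pos < len(data):
        header, pos = data[pos], pos + 1
        if not header & 0x80:
            raise ValueError(f"not an OpenPGP packet at offset {pos - 1}")
        if header & 0x40:                        # new-format header
            tag, first, pos = header & 0x3F, data[pos], pos + 1
            if first < 192:
                size = first
            elif first < 224:
                size, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                size, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:                                # partial lengths are data-only
                raise ValueError("partial body length in a key packet")
        else:                                    # old-format header
            tag, width = (header >> 2) & 0x0F, 1 << (header & 0x03)
            if width == 8:                       # indeterminate: runs to EOF
                size = len(data) - pos
            else:                                # 1, 2 or 4 length octets
                size, pos = int.from_bytes(data[pos:pos + width], "big"), pos + width
        pos += size
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, size

def import_verdict(data, max_bytes=1_000_000, max_signatures=1000):
    """Return (ok, reason); both limits are arbitrary assumptions."""
    if len(data) > max_bytes:
        return False, f"{len(data)} bytes exceeds {max_bytes}"
    try:
        counts = Counter(tag for tag, _ in walk_packets(data))
    except (ValueError, IndexError) as exc:
        return False, f"malformed: {exc}"
    if counts[SIG] > max_signatures:
        return False, f"{counts[SIG]} signatures exceeds {max_signatures}"
    return True, "within limits"

def old_packet(tag, body):
    """Constructed test data: old-format packet with a 2-octet length."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
# Constructed samples with dummy bodies, not real key material.
SMALL = old_packet(KEY, b"\0" * 50) + old_packet(UID, b"alice") + old_packet(SIG, b"\0" * 100)
FLOODED = SMALL + old_packet(SIG, b"\0" * 100) * 5000
```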
