New keyserver at keys.openpgp.org - what's your take?
Michał Górny
mgorny at gentoo.org
Fri Jun 14 16:13:35 CEST 2019
On Fri, 2019-06-14 at 11:56 +0100, Damien Goutte-Gattat via Gnupg-users
wrote:
> Hi,
>
> On Fri, Jun 14, 2019 at 10:12:51AM +0200, Oscar Carlsson via Gnupg-users wrote:
> > I'm generally curious on your opinions on the latest new keyserver,
> > this time running a new software than the normal keyservers.
>
> For what it's worth, my main concern is that it is a centralized
> service.
>
> This puts whoever is running keys.openpgp.org in a uniquely good
> position to do Bad Things™. Of course I don't expect they would, but the
> point is, they could (or they could be forced to).

To be honest, I've been considering similar problems with SKS lately
and I don't really think a distributed service such as SKS is any better
in this regard.

Given that the SKS pool is entirely open, it is rather trivial for a single
malicious entity to set multiple new keyservers up, and gain an advantage
over other servers in the pool. In fact, this is probably easier than
corrupting the single central server.

--
Best regards,
Michał Górny