SKS Keyserver Network Under Attack

Stefan Claas sac at 300baud.de
Sun Jun 30 11:24:08 CEST 2019


Andrew Gallagher wrote:

> 
> > On 30 Jun 2019, at 09:19, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> > 
> > The next version of Enigmail will no longer use the SKS network by
> > default.  Great!  But what about existing Enigmail users?  They'll see a
> > signature, click "Import Key", and ... bam.  They're likely not going to
> > think that someone's performing a malicious attack by poisoning
> > certificates: they're going to think "this is crap" and walk away.
> 
> Thankfully there is a practical - if drastic - solution for all OpenPGP users
> everywhere. Point pool.sks-keyservers.net (and its various aliases) somewhere
> else. The question is where to and how soon.

Can someone please explain to me why the GnuPG flag for key servers --no-modify
is in GnuPG and why the authors of key server software did not implemented this
feature?

Regards
Stefan




More information about the Gnupg-users mailing list