SKS Keyserver Network Under Attack

Andrew Gallagher andrewg at andrewg.com
Sun Jun 30 12:03:06 CEST 2019


> On 30 Jun 2019, at 10:21, Mirimir via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> This is undoubtedly a naive question. But anyway, would it be feasible
> to test keys by importing them, and seeing which ones break OpenPGP?
> Maybe do it in minimal Docker containers? And then somehow block access
> to those keys?

Because a) it’s enumerating badness [1] but more importantly b) it’s punishing the victim. Protecting the ecosystem by banning RJH and DKG’s keys from the keyservers entirely is doing the bad guys’ work for them.

A

[1] https://www.ranum.com/security/computer_security/editorials/dumb/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190630/c43b948c/attachment-0001.html>


More information about the Gnupg-users mailing list