SKS Keyserver Network Under Attack

Andrew Gallagher andrewg at andrewg.com
Sun Jun 30 17:55:53 CEST 2019


> On 30 Jun 2019, at 15:07, Erich Eckner via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> maybe I don't get the original idea - but I thought, it was to block *uploads/updates* which would poisson a certificate - not to blackhole them after they got poissoned?

Hm, that’s not how I read it, although I could be wrong. It is possible to prevent submission of bad keys, but this just leads to new problems:

1. We would have to ensure that all keyservers block the same uploads. One permissive keyserver is a backdoor into the entire system. We can’t block bad keys at reconciliation time for the same reasons that have been hashed to death already. 

2. Although it may be possible to block an individual upload of tens of thousands of key packets, it will not in general be possible to prevent an attacker from incrementally increasing the number of packets attached to a key over time. If we impose a reasonable limit on the cumulative number of packets attached to a key, that key may never become undownloadable, but it will at some point become unmodifiable - so we have just transformed one DOS vector into a different one.

A 



More information about the Gnupg-users mailing list