FAQ: seeking consensus
Michał Górny
mgorny at gentoo.org
Fri Oct 18 12:25:08 CEST 2019
On Fri, 2019-10-18 at 09:19 +0200, Stefan Claas via Gnupg-users wrote:
> Robert J. Hansen wrote:
>
> > 1. How should we handle the SKS keyserver attacks?
>
> I would list in the FAQ the kind of attacks possible,
> to educate users, before they choose one for uploading
> their key.
>
> > One school of thought says "SKS is tremendously diminished as a
> > resource, because using it can wedge older GnuPG installations and we
> > can't make people upgrade. We should recommend people use other methods
> > than SKS." If you think this is correct, please let me know what you
> > think the alternate method should be.
> >
> > Another says, "with a recent GnuPG release SKS may be used productively
> > and we should keep the current advice."
> >
> > Is there another solution I'm overlooking? Please don't think I'm
> > limiting the discussion to just those two. If you've got a third way
> > (or a fourth, or a fifth) I'd love to hear them.
>
> It would be nice if you can add to the keyserver list also the
> mailvelope.com keyserver, because it requires users to authenticate
> their keys against the keyserver with an received encrypted email
> and it also allows keeping third party signatures, compared to
> Hagrid.
>
> https://keys.mailvelope.com
>
This domain seems not to resolve with DNSSEC-capable resolvers.
--
Best regards,
Michał Górny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191018/619e6caf/attachment.sig>
More information about the Gnupg-users
mailing list