FAQ: seeking consensus

Michał Górny mgorny at gentoo.org
Fri Oct 18 12:25:08 CEST 2019


On Fri, 2019-10-18 at 09:19 +0200, Stefan Claas via Gnupg-users wrote:
> Robert J. Hansen wrote:
> 
> > 1.  How should we handle the SKS keyserver attacks?
> 
> I would list in the FAQ the kind of attacks possible,
> to educate users, before they choose one for uploading
> their key.
> 
> > One school of thought says "SKS is tremendously diminished as a
> > resource, because using it can wedge older GnuPG installations and we
> > can't make people upgrade.  We should recommend people use other methods
> > than SKS."  If you think this is correct, please let me know what you
> > think the alternate method should be.
> > 
> > Another says, "with a recent GnuPG release SKS may be used productively
> > and we should keep the current advice."
> > 
> > Is there another solution I'm overlooking?  Please don't think I'm
> > limiting the discussion to just those two.  If you've got a third way
> > (or a fourth, or a fifth) I'd love to hear them.
> 
> It would be nice if you can add to the keyserver list also the
> mailvelope.com keyserver, because it requires users to authenticate
> their keys against the keyserver with an received encrypted email
> and it also allows keeping third party signatures, compared to
> Hagrid.
> 
> https://keys.mailvelope.com
> 

This domain seems not to resolve with DNSSEC-capable resolvers.

-- 
Best regards,
Michał Górny

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191018/619e6caf/attachment.sig>


More information about the Gnupg-users mailing list