sac at 300baud.de
Sat Sep 19 22:04:21 CEST 2020
Andrew Gallagher wrote:
> > On 19 Sep 2020, at 20:05, Stefan Claas <sac at 300baud.de> wrote:
> > Well, there is IMHO a good replacement for SKS available, called
> > hockeypuck and it is written in modern Golang.
> This is beside the point. SKS is both a protocol and an implementation. Hockeypuck is a reimplementation of the same protocol
> and is so is vulnerable to the same poisoning issues.
> The problem with the SKS *protocol* is very hard to fix, because designing a universal, publicly writable datastore means
> solving a trilemma: censorship resistance, vandalism resistance, and decentralisation. SKS prioritises censorship resistance
> and decentralisation, and so is vulnerable to vandalism. Hagrid “solves” the vandalism problem by abandoning
> decentralisation. WKD steps outside the problem space by abandoning universality. All these are valid alternatives, but none
> can be called a “replacement”.
*With all due respect*, the problems you mention with the SKS protocol is IMHO absolutely solvable with hockeypuck if the author
implements the same Mailvelope or Hagrid confirmation process for its users, or it would honor the SKS --no-modify flag, Werner
implemented long time ago in GnuPG. And if (former) SKS key server operators would be honest this could be solved with
hockeypuck and if not people which are using GnuPG or OpenPGP apps may wondering how it comes that a client/server model for
*security/privacy* software is from the SKS server side globally still operated, if it can not *protect* their users pub keys
I am very sorry to say that but all arguments from former or current SKS operators do not convince me nor do they show the
OpenPGP users community willingness or advancements in this area, to be taken serious.
More information about the Gnupg-users