On 06/30/2019 03:10 AM, Robert J. Hansen wrote: >> Because a) it’s enumerating badness [1] but more importantly b) it’s >> punishing the victim. Protecting the ecosystem by banning RJH and DKG’s >> keys from the keyservers entirely is doing the bad guys’ work for them.
Currently, we know that three keys are bad. How soon do you think that bad keys will outnumber good ones? Weeks? Months? Years? > There's an important c): > > c) what happens when they go after more certificates? > > If you're willing to blackhole two certs, great. Where does it stop? > How many certs can the strong set stand to lose? Your third point is actually why I suggested this. Maybe I'm just twisted, but what if some dickhead goes after certs that would break stuff for millions of people? One might, for example, block Linux kernel maintenance and development. Maybe just before using some 0-day. It would stop when certs can no longer be poisoned. And I don't see the downside. I mean, what good does it do to have people downloading keys that break their stuff? I don't see that as "doing the bad guys’ work for them". I see it as preventing bad guys escalating from hurting a few people to doing serious damage. That's not "punishing the victim". Also, I presume that key owners could temporarily disable signature checking, delete malicious signatures, and put their keys on secure keyservers. But until secure keyservers exist at requisite scale, blackholing seems like the simplest option. If it's doable, anyway. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users