> "Look, this one guy who just got mugged? [...]

I had to read it twice to distill what I think Mirimir meant, but I think they meant that if you blacklist/blackhole all affected certificates, you remove the incentive for the attackers to poison more certificates since the poison can't spread to the people fetching keys. Thus stopping the attackers.
I concluded that Mirimir perhaps forgot that this creates a second attack model, where you can block keys from being on the keyserver. This seems like a new problem that means this stopgap measure is probably not the one we want, since it still provides the incentive for attackers to poison keys.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users