On 15/08/2019 08:50, Robert J. Hansen wrote:
> Additionally, the bad guys can create new malicious certificates faster
> than the keyserver network can blacklist.

Plus, the attacker could just create a signature that looks likely to be
real (self-sig or existing third-party sig seems a good candidate). Only
when actually doing the cryptographic verification will it turn out to
be fake anyway. By that time the amount of processing GnuPG has done is
already enough for the denial of service.

I think the attacker only used cryptographically valid signatures
because it was easier to use existing tooling. There is no reason for
the poison to be cryptographically valid. It just has to be slightly
expensive to verify. GnuPG doesn't even get to the bit where the
signature is validated, since the signing key isn't on the keyring, and
still, we have this DoS.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


Gnupg-users mailing list
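The point made above, that the cost is paid while GnuPG walks the packets and before any signature is verified, suggests a cheap triage step in front of import. The following is an added example, not code from this thread or from GnuPG: it walks the binary OpenPGP packet structure of a certificate (RFC 4880 packet headers), counts signature packets per user ID without any cryptography, and refuses the blob if a UID carries more than an assumed limit. The 1000-signature threshold, the helper names and the sample certificate are all constructed for illustration.

```python
TAG_SIGNATURE, TAG_PUBKEY, TAG_USERID = 2, 6, 13  # RFC 4880 packet tags

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet of a binary OpenPGP stream (RFC 4880 s4.2)."""
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80: raise ValueError(f"bad packet header at offset {i}")
        if ctb & 0x40:  # new-format header: tag in low 6 bits, 1/2/5-octet length
            tag, l0 = ctb & 0x3F, data[i + 1]
            if l0 < 192:
                length, i = l0, i + 2
            elif l0 < 224:
                length, i = ((l0 - 192) << 8) + data[i + 2] + 192, i + 3
            elif l0 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:  # partial body lengths are not valid for key or signature packets
                raise ValueError("partial body length in certificate")
        else:  # old-format header: tag in bits 2-5, length-type in bits 0-1
            tag, size = (ctb >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[ctb & 0x03]
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        body = data[i:i + length]
        if len(body) != length: raise ValueError("truncated packet")
        yield tag, body
        i += length

def signature_load(cert: bytes) -> dict:
    """Count signature packets per user ID: plain packet walking, no cryptography."""
    counts, current = {}, None
    for tag, body in iter_packets(cert):
        if tag == TAG_USERID:
            current = body.decode("utf-8", "replace")
            counts.setdefault(current, 0)
        elif tag == TAG_SIGNATURE and current is not None:
            counts[current] += 1
    return counts

def should_import(cert: bytes, max_sigs_per_uid: int = 1000) -> bool:
    # Triage before handing the blob to gpg: any flooded UID means refuse it (limit is an assumption).
    return all(c <= max_sigs_per_uid for c in signature_load(cert).values())

def new_packet(tag: int, body: bytes) -> bytes:
    # New-format packet with a 1- or 2-octet length; used only to build fixtures here.
    n = len(body)
    hdr = [0xC0 | tag, n] if n < 192 else [0xC0 | tag, 192 + ((n - 192) >> 8), (n - 192) & 0xFF]
    return bytes(hdr) + body

# Constructed sample, not real key material: dummy key, one UID, 1500 junk signature packets.
FLOODED = (new_packet(TAG_PUBKEY, b"\x04" + b"\x00" * 20) + new_packet(TAG_USERID, b"alice@example.org")
           + new_packet(TAG_SIGNATURE, b"\x04\x10" + b"\xaa" * 200) * 1500)
```

Dearmor a certificate first (this walker expects binary packets, not an ASCII-armoured block), and note that it deliberately checks only structure: a cheap count is enough to stop the blob before the expensive path begins.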