Re: [Sks-devel] Making keys unusable with spamming similar uids
On 14/09/16 15:27, Valentin Sundermann wrote:
> Hey sks-devel,
>
> when searching for common terms (i.e. "test") on a keyserver, I
> hit a limit of matches sometimes.
>
> Assumed that I'd be a bad person, I should be able to make a
> chosen key unusable by creating and uploading keys with similar
> name, email address and so on. If somebody searches for that email
> address, he should hit the limit and cannot get the key. (And
> yeah, it's still possible to get the key with the exact fingerprint
> but I guess it's inconvenient for "normal people".)
>
> Do I miss something or is it actually possible to make keys
> unusable with such an approach?

as per evil32's demo of 32bit key dupes it's possible to flood these, but it costs cpu, and even so you can search the keyid-format long value. eg; 0x1992274E129BAF74

> If it should be possible: I think something like a pagination
> should solve it on a simple level (although the user has to scroll
> through the pages and identify the right key). And another thing
> would be how client implementation would treat pagination...

pagination is an interesting idea, and even more so key ordering which is currently ordered by key creation date... changing the search results order would be hard and have politics...

as search results order can't be easily changed, pagination does not solve the issue (valid keys will be at the bottom of the pile).

the issue being a topic that comes up often enough, what to do with spam...

Kind Regards,
Mike

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
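Added example, not part of the original thread or of the SKS code: the reply above notes that a key can still be found by its long key ID when uid searches are crowded out. This sketch parses a constructed machine-readable index listing (field layout assumed from the HKP `options=mr` index format) and selects by 64-bit key ID while refusing 32-bit short IDs; the function names, uids and timestamps are made up, and only 0x1992274E129BAF74 comes from the thread.

```python
from urllib.parse import unquote

# Constructed sample. Assumed layout (HKP machine-readable index):
#   pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>
#   uid:<percent-escaped uid>:<created>:<expires>:<flags>
SAMPLE = """info:1:4
pub:AAAAAAAAAAAA0001:1:2048:1473800000::
uid:Alice Example <alice@example.org>:1473800000::
pub:AAAAAAAAAAAA0002:1:2048:1473800100::
uid:Alice Example <alice@example.org>:1473800100::
pub:1992274E129BAF74:1:4096:1400000000::
uid:Alice Example <alice@example.org>:1400000000::
pub:AAAAAAAAAAAA0003:1:2048:1473800200::
uid:Alice Example %3Calice@example.net%3E:1473800200::
"""

def parse_mr_index(text):
    """Return one dict per pub line, with the uids that follow it."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 5:
            created = int(f[4]) if f[4].isdigit() else None
            keys.append({"keyid": f[1].upper(), "created": created, "uids": []})
        elif f[0] == "uid" and len(f) >= 2 and keys:
            keys[-1]["uids"].append(unquote(f[1]))
    return keys

def normalize_keyid(keyid):
    """Accept a 64-bit key ID or a full fingerprint; reject 32-bit IDs."""
    hexid = keyid.strip().upper().replace(" ", "")
    if hexid.startswith("0X"):
        hexid = hexid[2:]
    if len(hexid) not in (16, 40) or set(hexid) - set("0123456789ABCDEF"):
        raise ValueError("need a 16-digit key ID or a 40-digit fingerprint")
    return hexid

def select_by_keyid(keys, wanted):
    """Match on the key ID only, ignoring whatever the uids claim."""
    wanted = normalize_keyid(wanted)
    def same(kid):
        n = min(len(kid), len(wanted))
        return n >= 16 and kid[-n:] == wanted[-n:]
    return [k for k in keys if same(k["keyid"])]

def claimants(keys, email):
    """Key IDs of every entry whose uid carries this address."""
    needle = "<" + email.lower() + ">"
    return [k["keyid"] for k in keys if any(needle in u.lower() for u in k["uids"])]
```

In the sample, three keys carry the same address, so the uid alone cannot identify the intended key; the key ID lookup returns exactly one entry.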
[Sks-devel] sks 1.1.6
Introduced my first 1.1.6 node.

CentOS7
Hostname: sks.mj2.uk
Nodename: node3.sks.mj2.uk
Version: 1.1.6

Will review in a few days.

Kind Regards,
Mike
[Sks-devel] Making keys unusable with spamming similar uids
Hey sks-devel,

when searching for common terms (i.e. "test") on a keyserver, I hit a limit of matches sometimes.

Assumed that I'd be a bad person, I should be able to make a chosen key unusable by creating and uploading keys with similar name, email address and so on. If somebody searches for that email address, he should hit the limit and cannot get the key. (And yeah, it's still possible to get the key with the exact fingerprint but I guess it's inconvenient for "normal people".)

Do I miss something or is it actually possible to make keys unusable with such an approach?

If it should be possible: I think something like a pagination should solve it on a simple level (although the user has to scroll through the pages and identify the right key). And another thing would be how client implementation would treat pagination...

Best regards,
Valentin