Re: The meat with multiple PGP subkeys

2003-06-18 Thread Stefan Kelm
David,

> A reasonable question would be "Why don't all the PKS operators
> replace their server with SKS or something else?".  I don't have a
> good answer to that.  It's certainly been asked.[3]

...and has been answered a number of times. The thing is (and most people 
seem to forget about this now and then) that most, if not all, of the 
pgp.net server operators do run their servers in their spare time. Since 
pksd has a long history of not being overly stable one is happy once the 
server is up and running. Thus, the never-change-a-running-system 
paradigm is being lived in this realm.  

Cheers,

Stefan.

Security Awareness Symposium - 24.-25.06.2003, Karlsruhe
http://www.security-awareness-symposium.de/

Dipl.-Inform. Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe

Tel. +49 721 6105-461, Fax +49 721 6105-455
E-Mail [EMAIL PROTECTED], http://www.secorvo.de/
---
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The meat with multiple PGP subkeys

2003-06-18 Thread David Shaw
On Wed, Jun 18, 2003 at 03:47:01PM +0200, Stefan Kelm wrote:
> David,
>
> > A reasonable question would be "Why don't all the PKS operators
> > replace their server with SKS or something else?".  I don't have a
> > good answer to that.  It's certainly been asked.[3]
>
> ...and has been answered a number of times. The thing is (and most people
> seem to forget about this now and then) that most, if not all, of the
> pgp.net server operators do run their servers in their spare time. Since
> pksd has a long history of not being overly stable one is happy once the
> server is up and running. Thus, the never-change-a-running-system
> paradigm is being lived in this realm.

These servers are *broken*, and harming the use of PGP.  Countless
FAQs and other documents extol the keyserver network, and so new PGP
users try it and get their keys eaten.  One would hope that
never-change-a-running-system wouldn't apply when the running system
was actively causing damage.  It's not just subkeys: PKS allows for a
number of denial of service attacks against keys stored in it.

It's a question, but the way I see it, if a keyserver operator doesn't
want to fix critical bugs for fear of messing with a stable system,
then just turn the thing off.  That's stable too, and doesn't harm
anyone.

At least now there is subkeys.pgp.net so users can ignore the servers
that aren't being fixed (and we just have to educate everyone to use
it).

David



Re: The meat with multiple PGP subkeys

2003-06-18 Thread martin f krafft
also sprach David Shaw [EMAIL PROTECTED] [2003.06.18.0240 +0200]:
> The problem is that the PKS keyserver was not written to handle keys
> with multiple subkeys.

[snip]

Thanks for the explanation. I didn't know about subkeys.pgp.net yet.

Moreover, I second the belief that the keyservers must be fixed as
they are really harming the PGP infrastructure.

I support Jason's work:

  http://keyserver.kjsl.com/~jharris/keyserver.html

and am already talking the wwwkeys.ch.pgp.net people into upgrading.

Maybe everybody can pick a keyserver of their choice and sit on the
admin's face until s/he gets it... ? Let's riot!

Can someone tell me why the heck SKS is written in Ocaml? What an
annoyance is that? No offence to the Ocaml people here...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
there is more stupidity than hydrogen in the universe,
 and it has a longer shelf life.
-- frank zappa

