On 12/20/2016 07:58 PM, Vincent Breitmoser wrote:
>> If you can trick a user into importing a package that hinders
>> distribution of the keyblock
>
> This should be prevented by client implementations, why would they ever
> import a non-verifying self-cert?
An invalid notation might not be
> If you can trick a user into importing a package that hinders
> distribution of the keyblock
This should be prevented by client implementations, why would they ever
import a non-verifying self-cert?
> believes it gets uploaded to keyserver with the modified packet but at
> that point it is
On 12/20/2016 07:41 PM, Daniel Kahn Gillmor wrote:
> scenario (a) doesn't matter -- the keyservers simply won't propagate
> that modified cert, which is fine, because it's not actually Alice's
> self-sig anyway.
How wouldn't this matter? If you can trick a user into importing a
package that
On Tue 2016-12-20 12:24:56 -0500, Kim Minh Kaplan wrote:
> - to do this keyservers will have to actually do cryptography
I think i disagree here. The keyservers currently don't validate
anything, and i don't see how this proposal would change things.
The two "attack" scenarios i can imagine
Kristian Fiskerstrand(kristian.fiskerstr...@sumptuouscapital.com)@Tue, Dec 20,
2016 at 07:31:35PM +0100:
> On 12/20/2016 07:29 PM, Vincent Breitmoser wrote:
> >> Without verifying the signature this opens up for a DoS on users
> >> expecting to distribute the keys, e.g in case of a revocation
> Without verifying the signature this opens up for a DoS on users
> expecting to distribute the keys, e.g in case of a revocation certificate.
I'm not sure how, could you quickly describe the scenario you have in
mind?
- V
___
Sks-devel mailing list
Vincent Breitmoser writes:
>> - to do this keyservers will have to actually do cryptography
>
> Are you sure? I don't think there's any attack scenario here: If any
> such signature exists, you can't upload the key.
You can strip that signature. If you only consider
> Assuming the intention is tagging my key (which hasn't been published so
> far) so it doesn't end up on the keyserver. In that case *all* self-sigs
> would need to carry the notation as otherwise an intruder could just
> remove the newest nokeyserver selfsig and still have a valid key (iff
> all
Daniel Kahn Gillmor wrote:
> i've been trying to make it possible for key to state that
> it should be excluded from some keyservers, but those attempts to fix
> things have failed thus far due to filter synchronization issues:
>
>
>
Hello,
My key-server keys.drup.no is temporarily offline because of an power
outage. I hope it will be back online tomorrow.
Best regards,
Audun Larsen
signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
10 matches
Mail list logo