> As the public keys themselves are of cause nothing which needs to be secured, > I see these two possible aspects: > > - meta data like 'who up-/downloaded which keys' could be revealed
yes > - mitm attacks may manipulate up-/downloaded keys no Every uploaded key can be manipulated legally by anyone. (I.e. you attach a new signature to your friend's key and you send back to the key servers.) Moreover anybody can send a totally new key in the name of you. Public key server is like Wikipedia or a piece of paper. And everybody has a pencil. :-) It is the keysigning by other peoples only what ensures integrity of your data stored on SKS servers. Gabor _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
