"Kiss Gabor (Bitman)" <ki...@ssg.ki.iif.hu> writes: >> - mitm attacks may manipulate up-/downloaded keys > > no > > Every uploaded key can be manipulated legally by anyone. > (I.e. you attach a new signature to your friend's key > and you send back to the key servers.) > Moreover anybody can send a totally new key in the name of you. > Public key server is like Wikipedia or a piece of paper. > And everybody has a pencil. :-)
You can still block certain pakets from up/downloads (i.e. not providing signature pakets for some key -- kind of a DoS when checking a trust path) Christoph -- 9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731 Debian Developer | Lisp Hacker | CaCert Assurer
pgpBlJJTv23Qa.pgp
Description: PGP signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel