On 08/14/2014 04:04 PM, Pete Stephenson wrote:
> On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
>> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>>> "Kiss Gabor (Bitman)" <[email protected]> writes:
>>>>> - mitm attacks may manipulate up-/downloaded keys
>>>>
>>>> no
>>>>
>>>> Every uploaded key can be manipulated legally by anyone.
>>>> (I.e. you attach a new signature to your friend's key and
>>>> you send back to the key servers.) Moreover anybody can send
>>>> a totally new key in the name of you. Public key server is
>>>> like Wikipedia or a piece of paper. And everybody has a
>>>> pencil. :-)
>>
>>> You can still block certain packets from up/downloads (i.e. not
>>> providing signature packets for some key -- kind of a DoS when
>>> checking a trust path)
>>
>> Or even more importantly, providing a public key where a
>> revocation signature has been removed.
>
> Is this possible?

Certainly

>
> My (albeit limited) understanding is that SKS is an append-only
> system, and that it is not possible to remove key packets that are
> already on the servers.
>
> Wouldn't a bad guy: a. Need the private key to edit self-signed
> elements, like revocation signatures?

No, you can drop the full signature or just use a copy of the key from
before revocation was appended.

> b. Be unable to remove the revocation signature, as SKS servers are
> append-only?
>

Not in a MITM scenario where you don't really talk with SKS in the
first place, hence a very good reason for HKPS in the first place.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Timendi causa est nescire
The cause of fear is ignorance

_______________________________________________
Sks-devel mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/sks-devel
