On 8/14/2014 4:06 PM, Kristian Fiskerstrand wrote: > On 08/14/2014 04:04 PM, Pete Stephenson wrote: >> My (albeit limited) understanding is that SKS is an append-only >> system, and that it is not possible to remove key packets that are >> already on the servers. > >> Wouldn't a bad guy: a. Need the private key to edit self-signed >> elements, like revocation signatures? > > No, you can drop the full signature or just use a copy of the key from > before reovcation was appended. > >> b. Be unable to remove the revocation signature, as SKS servers are >> append-only? > > Not in a MITM scenario where you don't really talk with SKS in the > first place, hence a very good reason for HKPS in the first place.
[re-sending to list, as I inadvertently sent this response directly to Kristian] Ok. Just for clarity, these attacks are only possible in a MITM scenario, correct? Am I correct in my understanding that the bad guy could only do the packet stripping if they were MITMing the client and presented the user with the desired key sans the revocation signature? That is, the bad guy can't upload the key sans revocation signature to the actual pool, since the pool is append-only and so the revocation signature would not be removed from the pool. Cheers! -Pete
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel