Hi, On 26-10-14 10:17, Hanno Böck wrote: > From my understanding the core principle of the pgp keyservers is that > they have an "add only"-policy, meaning you can never remove something, > just add further information to it (e.g. keys don't get removed, they > expire or are revoked).
Correct. > This opens up a couple of problems and I wonder if they have been > discussed before and if there are any counterstrategies to them. > > a) Someone could just flood the keyservers with random bogus keys. This > would basically fill up the hard drives of the keyservers. > b) Someone could grow a target's key by adding more and more > signatures. This would quickly make downloading the key from the > keyservers infeasible. > c) Someone could use keys, keyids, signatures or whatever to store > illegal data. (Basically this very same issue has already been > discussed in the context of bitcoin [1]) These things have been identified in the past as 'possible issues'. Some people on this list, like myself, would see measures implemented now to be able to counter these issues at the moment they get real. Others argue nothing has to be done at this moment. Currently, there are no developments or even strategies to counter issues like these. d) A fourth possible issue is the fact we store personal data. Many countries in Europe have laws regarding the storage of personal data, including the right to get removed. Up to now, we have had one server operator who had to close down due to legal threats regarding this. > I don't really see any feasible counterstrategies to these issues. Situations c) and d) can be countered by making it impossible to retrieve the data of keys that are listed in a local list that the server operator maintains. This keys should not be listed in search results either. If getting keys by SKS-hashes is excludeded from this mechanism, it would still allow SKS-sync as normal. b) can be countered by setting a max. key-size servers accept. In this case a server has to reject new material in case the resulting key is larger than a certain size that has to be agreed among peering SKS-operators. To avoid loosing revocation certificates, we could strip revoked keys from all unnecessary information. a) is difficult... One could restrict the uploads from a certain IP, but a botnet uploading to every known keyserver can still do a lot of damage. > Given the speed one can generate and upload material to key servers > (keys don't have to be valid to be accepted) I think all three scenarios > could easily happen. Yes, if someone wants to cripple relative easy key exchange, that is very well possible. Without a public key infrastructure like our SKS-network, use of OpenPGP for signing / encrypting e-mail, documents or server certificates (http://web.monkeysphere.info/) will be much harder for the average user / organisation. > I'm curious what the thoughts of the people running keyservers are. My € 0,02. Arnold > [1] > https://www.reddit.com/r/Bitcoin/comments/1akyy4/what_happens_if_someone_inserts_illegal_content/ _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
