[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] "quality" of keyservers offering hkps
From: |
Pete Stephenson |
Subject: |
Re: [Sks-devel] "quality" of keyservers offering hkps |
Date: |
Thu, 14 Aug 2014 16:04:22 +0200 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>> "Kiss Gabor (Bitman)" <address@hidden> writes:
>>>> - mitm attacks may manipulate up-/downloaded keys
>>>
>>> no
>>>
>>> Every uploaded key can be manipulated legally by anyone. (I.e.
>>> you attach a new signature to your friend's key and you send back
>>> to the key servers.) Moreover anybody can send a totally new key
>>> in the name of you. Public key server is like Wikipedia or a
>>> piece of paper. And everybody has a pencil. :-)
>
>> You can still block certain pakets from up/downloads (i.e. not
>> providing signature pakets for some key -- kind of a DoS when
>> checking a trust path)
>
> Or even more importantly, providing a public key where a revocation
> signature has been removed.
Is this possible?
My (albeit limited) understanding is that SKS is an append-only system,
and that it is not possible to remove key packets that are already on
the servers.
Wouldn't a bad guy:
a. Need the private key to edit self-signed elements, like revocation
signatures?
b. Be unable to remove the revocation signature, as SKS servers are
append-only?
Cheers!
-Pete
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] "quality" of keyservers offering hkps, Matthias Schreiber, 2014/08/13
- Re: [Sks-devel] "quality" of keyservers offering hkps, Phil Pennock, 2014/08/13
- Re: [Sks-devel] "quality" of keyservers offering hkps, Matthias Schreiber, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Kiss Gabor (Bitman), 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Christoph Egger, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Kristian Fiskerstrand, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps,
Pete Stephenson <=
- Re: [Sks-devel] "quality" of keyservers offering hkps, Kristian Fiskerstrand, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Pete Stephenson, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Kristian Fiskerstrand, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Gabor Kiss, 2014/08/14
- Re: [Sks-devel] "quality" of keyservers offering hkps, Phil Pennock, 2014/08/14
Re: [Sks-devel] "quality" of keyservers offering hkps, Gabor Kiss, 2014/08/14