Re: [Sks-devel] "quality" of keyservers offering hkps


From: Pete Stephenson
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 16:04:22 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>> "Kiss Gabor (Bitman)" <address@hidden> writes:
>>>> - mitm attacks may manipulate up-/downloaded keys
>>>
>>> no
>>>
>>> Every uploaded key can be manipulated legally by anyone. (I.e.
>>> you attach a new signature to your friend's key and you send back
>>> to the key servers.) Moreover anybody can send a totally new key
>>> in the name of you. A public key server is like Wikipedia or a
>>> piece of paper. And everybody has a pencil. :-)
> 
>> You can still block certain packets from up/downloads (i.e. not
>> providing signature packets for some key -- kind of a DoS when
>> checking a trust path)
> 
> Or even more importantly, providing a public key where a revocation
> signature has been removed.

Is this possible?

My (albeit limited) understanding is that SKS is an append-only system,
and that it is not possible to remove key packets that are already on
the servers.

Wouldn't a bad guy:
a. Need the private key to edit self-signed elements, like revocation
signatures?
b. Be unable to remove the revocation signature, as SKS servers are
append-only?

Cheers!
-Pete
