Re: [Sks-devel] "quality" of keyservers offering hkps
From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 16:06:13 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
On 08/14/2014 04:04 PM, Pete Stephenson wrote:
> On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
>> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>>> "Kiss Gabor (Bitman)" <address@hidden> writes:
>>>>> - mitm attacks may manipulate up-/downloaded keys
>>>>
>>>> no
>>>>
>>>> Every uploaded key can be manipulated legally by anyone.
>>>> (I.e. you attach a new signature to your friend's key and
>>>> you send back to the key servers.) Moreover anybody can send
>>>> a totally new key in the name of you. Public key server is
>>>> like Wikipedia or a piece of paper. And everybody has a
>>>> pencil. :-)
>>
>>> You can still block certain packets from up/downloads (i.e. not
>>> providing signature packets for some key -- kind of a DoS when
>>> checking a trust path)
>>
>> Or even more importantly, providing a public key where a
>> revocation signature has been removed.
>
> Is this possible?
Certainly
>
> My (albeit limited) understanding is that SKS is an append-only
> system, and that it is not possible to remove key packets that are
> already on the servers.
>
> Wouldn't a bad guy: a. Need the private key to edit self-signed
> elements, like revocation signatures?
No, you can drop the full signature or just use a copy of the key from
before revocation was appended.
> b. Be unable to remove the revocation signature, as SKS servers are
> append-only?
>
Not in a MITM scenario where you don't really talk with SKS in the
first place, hence a very good reason for HKPS in the first place.
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Timendi causa est nescire
The cause of fear is ignorance
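The dropped-revocation case discussed in this message, as an added example that is not part of the original post: a minimal RFC 4880 packet walker that reports whether a fetched copy of a key lacks a key revocation signature (type 0x20) that a reference copy obtained over another channel carries. The function names and byte strings are constructed for illustration, and the check looks only at packet presence, not at signature validity.

```python
# Added example: minimal RFC 4880 packet walker for binary (non-armored) key data.
KEY_REVOCATION = 0x20  # signature type: key revocation signature

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in binary key data."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:                     # one-octet length
                length = first
            elif first < 224:                   # two-octet length
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:                  # five-octet length
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big"); i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_types(data):
    """Return the signature type of every signature packet (tag 2)."""
    return [body[2] if body[0] == 3 else body[1]   # v3 keeps the type at offset 2
            for tag, body in packets(data)
            if tag == 2 and len(body) > 2]

def revocation_dropped(reference, fetched):
    """True if `reference` carries a key revocation that `fetched` lacks."""
    return (KEY_REVOCATION in signature_types(reference)
            and KEY_REVOCATION not in signature_types(fetched))

# Constructed sample data: dummy packet bodies, not real key material.
PUBKEY = bytes([0x99, 0x00, 0x03, 4, 0, 0])       # old-format tag 6 (public key)
USERID = bytes([0xCD, 0x03]) + b"bob"             # new-format tag 13 (user ID)
SELFSIG = bytes([0x89, 0x00, 0x03, 4, 0x13, 1])   # tag 2, v4, type 0x13
REVSIG = bytes([0xC2, 0x03, 4, 0x20, 1])          # tag 2, v4, type 0x20
BEFORE = PUBKEY + USERID + SELFSIG                # copy from before revocation
AFTER = PUBKEY + REVSIG + USERID + SELFSIG        # copy with revocation appended
```

A `True` result from `revocation_dropped(AFTER, BEFORE)` only says the two copies differ in this one respect; which copy to trust still depends on how the reference was obtained.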