sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] "quality" of keyservers offering hkps

From: Pete Stephenson
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 16:36:48 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 
On 8/14/2014 4:06 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 04:04 PM, Pete Stephenson wrote:
>> My (albeit limited) understanding is that SKS is an append-only 
>> system, and that it is not possible to remove key packets that are 
>> already on the servers.
> 
>> Wouldn't a bad guy: a. Need the private key to edit self-signed 
>> elements, like revocation signatures?
> 
> No, you can drop the full signature or just use a copy of the key from
> before reovcation was appended.
> 
>> b. Be unable to remove the revocation signature, as SKS servers are
>> append-only?
> 
> Not in a MITM scenario where you don't really talk with SKS in the
> first place, hence a very good reason for HKPS in the first place.

[re-sending to list, as I inadvertently sent this response directly to
Kristian]

Ok. Just for clarity, these attacks are only possible in a MITM
scenario, correct?

Am I correct in my understanding that the bad guy could only do the
packet stripping if they were MITMing the client and presented the user
with the desired key sans the revocation signature?

That is, the bad guy can't upload the key sans revocation signature to
the actual pool, since the pool is append-only and so the revocation
signature would not be removed from the pool.

Cheers!
-Pete

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]