[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do we need to secure our keyservers against kind of DoS Attacks
-----BEGIN PGP SIGNED MESSAGE-----
Christoph Anton Mitterer wrote:
> On Sun, 2009-02-01 at 16:25 -0500, Daniel Kahn Gillmor wrote:
>> So: Is this scheme fully implemented and easy-to-use yet? No. But
>> the pieces are there, and it's already been assembled piecemeal with
>> currently-available tools. If you are interested, or manage to push
>> it further, i'd be very happy to hear about your progress.
> Well my time's limited ^^...
> I had hoped to get somehow in contact with the keyserver software
Yaron Minsky did the development work, but doesn't have time for new development
The other keyserver list, pgp-keyserver-folk[AT]alt.org, seems to have gone missing.
> The keyservers should also communicate secured with each other,.. in you
> setup there's still the (of course very small) chance that the secure
> keyserver (e.g. your's) is already attacked and doesn't get the full
> data during its synchronisation with the others,...
Under SKS, it will get that data from another keyserver. To forge a key would
require co-opting and taking simultaneous control of all the SKS keyservers.
To fool a keyserver would require being able to fake hashes of the database
> and I suppose most people use one of the "big/wellknown" keyservers when
> submitting their keys.
Yeah, even when the code the keyserver runs is broken/orphaned.
> And as you've said, one important point would be client support...
> The average user probably don't want to set up socat or any similar
No, it would have to be done in the client.
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4907-2008-12-21 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33 ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with SeaMonkey - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----