sks-devel

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]
Date: Sun, 14 Jan 2018 16:55:05 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2

On 01/14/2018 01:04 PM, Heiko Richter wrote:
> The fact that your GPG client shows a secure connection is
> either due to a faulty/incomplete validation algorithm that doesn't
> check the CA signature of the server's cert or because "Kristian-CA" is
> hardcoded into GnuPG. I don't know which one it is and don't really care
> because both situations would be relics of 90s-incompetence that
> compromise security and should have been removed from gnupg years ago.

Quite the contrary, this is the correct behavior from a security
perspective. And yes, the CA is included for the pool specifically.

Using HKPS from a web browser is less of an issue, as that is the wrong
use of keyservers in nine out of ten situations, as a local client is
needed anyway to properly validate the packet information provided in
the OpenPGP keyblock.

That said I'm a bit surprised about this discussion, nobody is required
to use a single pool of keyservers.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Amantes sunt amentes
Lovers are lunatics

Attachment: signature.asc
Description: OpenPGP digital signature

