|
From: | Kiss Gabor (Bitman) |
Subject: | Re: [Sks-devel] "quality" of keyservers offering hkps |
Date: | Thu, 14 Aug 2014 14:04:33 +0200 (CEST) |
User-agent: | Alpine 2.02 (DEB 1266 2009-07-14) |
> As the public keys themselves are of cause nothing which needs to be secured, > I see these two possible aspects: > > - meta data like 'who up-/downloaded which keys' could be revealed yes > - mitm attacks may manipulate up-/downloaded keys no Every uploaded key can be manipulated legally by anyone. (I.e. you attach a new signature to your friend's key and you send back to the key servers.) Moreover anybody can send a totally new key in the name of you. Public key server is like Wikipedia or a piece of paper. And everybody has a pencil. :-) It is the keysigning by other peoples only what ensures integrity of your data stored on SKS servers. Gabor
[Prev in Thread] | Current Thread | [Next in Thread] |