[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] "quality" of keyservers offering hkps

From: Kiss Gabor (Bitman)
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 14:04:33 +0200 (CEST)
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

> As the public keys themselves are of cause nothing which needs to be secured, 
> I see these two possible aspects:
> - meta data like 'who up-/downloaded which keys' could be revealed


> - mitm attacks  may manipulate up-/downloaded keys


Every uploaded key can be manipulated legally by anyone.
(I.e. you attach a new signature to your friend's key
and you send back to the key servers.)
Moreover anybody can send a totally new key in the name of you.
Public key server is like Wikipedia or a piece of paper.
And everybody has a pencil. :-)

It is the keysigning by other peoples only what ensures integrity of
your data stored on SKS servers.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]