[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] "quality" of keyservers offering hkps

From: Pete Stephenson
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 16:04:22 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>> "Kiss Gabor (Bitman)" <address@hidden> writes:
>>>> - mitm attacks  may manipulate up-/downloaded keys
>>> no
>>> Every uploaded key can be manipulated legally by anyone. (I.e.
>>> you attach a new signature to your friend's key and you send back
>>> to the key servers.) Moreover anybody can send a totally new key
>>> in the name of you. Public key server is like Wikipedia or a
>>> piece of paper. And everybody has a pencil. :-)
>> You can still block certain pakets from up/downloads (i.e. not 
>> providing signature pakets for some key -- kind of a DoS when
>> checking a trust path)
> Or even more importantly, providing a public key where a revocation
> signature has been removed.

Is this possible?

My (albeit limited) understanding is that SKS is an append-only system,
and that it is not possible to remove key packets that are already on
the servers.

Wouldn't a bad guy:
a. Need the private key to edit self-signed elements, like revocation
b. Be unable to remove the revocation signature, as SKS servers are


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]