Re: [Sks-devel] Making keys unusable with spamming similar uids


From: Michael Jones
Subject: Re: [Sks-devel] Making keys unusable with spamming similar uids
Date: Thu, 15 Sep 2016 00:12:01 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 14/09/16 15:27, Valentin Sundermann wrote:
> Hey sks-devel,
> 
> when searching for common terms (i.e. "test") on a keyserver, I
> hit a limit of matches sometimes.
> 
> Assumed that I'd be a bad person, I should be able to make a 
> chosen key unusable by creating and uploading keys with similar 
> name, email address and so on. If somebody searches for that email 
> address, he should hit the limit and cannot get the key. (And
> yeah, it's still possible to get the key with the exact fingerprint
> but I guess it's inconvenient for "normal people".)
> 
> Do I miss something or is it actually possible to make keys 
> unusable with such an approach?

as per evil32's demo of 32bit key dupes it's possible to flood these,
but it costs cpu, and even so you can search the keyid-format long value.

e.g.:

0x1992274E129BAF74

> 
> If it should be possible: I think something like a pagination 
> should solve it on a simple level (although the user has to scroll 
> through the pages and identify the right key). And another thing 
> would be how client implementation would treat pagination...

pagination is an interesting idea, and even more so key ordering which
is currently ordered by key creation date... changing the search
results order would be hard and have politics...

as search results order can't be easily changed, pagination does not
solve the issue (valid keys will be at the bottom of the pile).

the issue being a topic that comes up often enough, what to do with
spam...

Kind Regards,
Mike
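
The point in the reply above about searching by the long key ID rather than the 32-bit one, as an added example that is not part of the original mail or of the SKS code: it filters a candidate list by key identifier and refuses short IDs by default. The function names and the sample fingerprints are assumptions constructed for illustration; the only fact relied on is that a v4 key ID is the low-order bits of the fingerprint.

```python
import re

# Hex-digit count -> identifier kind for OpenPGP v4 keys.
KINDS = {8: "short", 16: "long", 40: "fingerprint"}

# Constructed sample fingerprints (not real keys). FP_A and FP_B share their
# last 8 hex digits, i.e. the same 32-bit short key ID, but differ in the
# 64-bit long ID.
FP_A = "0000111122223333444455556666AAAA0BADC0DE"
FP_B = "9999888877776666555544443333BBBB0BADC0DE"
FP_C = "1234123412341234123412341234123412341234"
SAMPLE = [FP_A, FP_B, FP_C]


def parse_key_token(token):
    """Return (kind, hex_digits) for a bare or 0x-prefixed key identifier."""
    digits = re.sub(r"\s+", "", token).upper()
    if digits.startswith("0X"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-F]+", digits) or len(digits) not in KINDS:
        raise ValueError(f"not a key ID or fingerprint: {token!r}")
    return KINDS[len(digits)], digits


def lookup(token, fingerprints, allow_short=False):
    """Return the fingerprints whose trailing digits match the identifier.

    Short IDs are rejected unless allow_short is set, because several keys
    can be generated to share the same 32 bits.
    """
    kind, digits = parse_key_token(token)
    if kind == "short" and not allow_short:
        raise ValueError("32-bit key ID is ambiguous; use the long ID or fingerprint")
    return [fp for fp in fingerprints if fp.endswith(digits)]


if __name__ == "__main__":
    print(parse_key_token("0x1992274E129BAF74"))           # format used in the mail
    print(lookup("0x0BADC0DE", SAMPLE, allow_short=True))  # two candidates
    print(lookup("0x6666AAAA0BADC0DE", SAMPLE))            # exactly one
```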


