SKS Keyserver Network Under Attack
Alyssa Ross
hi at alyssa.is
Tue Jul 2 00:43:18 CEST 2019
> And yes, hkps://keys.openpgp.org would fall over and die if too many
> users started using it. So cert poisoning will be an issue until there's
> a secure alternative.
Just as a point of interest, I've talked to the people running
keys.openpgp.org about their capacity in #hagrid, when we were exploring
whether to change the default keyserver in Nixpkgs' GnuPG[1] (which we
ended up doing).
The impression I got was that they're very optimistic about their
ability to handle traffic to their server -- they were happy to have a
distro make the switch, and will be changing the defaults in Enigmail
and OpenKeychain very soon, as I understand it.
It is a real shame that a decentralized Hagrid isn't really possible,
though, at least to my understanding. It's quite the limitation for
GnuPG.
[1]: https://github.com/NixOS/nixpkgs/pull/63952
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190701/4589554b/attachment.sig>
More information about the Gnupg-users
mailing list