SKS Keyserver Network Under Attack

Werner Koch wk at gnupg.org
Tue Jul 2 12:33:50 CEST 2019


On Tue,  2 Jul 2019 10:01, gnupg-users at gnupg.org said:

> No such issues on keys.openpgp.org, gpg --send-key and the new updated
> key is immediately available with no time outs or delays.

Unless you are on Windows where the server can't be accessed because it
uses a pretty limited set of TLS cipher suites.  Thus the majority of
GnuPG encryption users are out of luck.

On Windows we use the ntbtls library which does not yet have support for the
GCM mode and we hesitate to add this to 2.2 because GCM has not been
approved for the use of GnuPG in restricted communication (VS-NfD).  It
is not a technical problem but a policy one which we first need to sort
out.  Even with the fear of padding oracles on CBC and old as well as a
forthcoming attack, the restriction of the server to use only GCM based
cipher modes is not helpful.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.