SKS Keyserver Network Under Attack
Vincent Breitmoser
look at my.amazin.horse
Tue Jul 2 13:47:00 CEST 2019
> Unless you are on Windows where the server can't be accessed because it
> uses a pretty limited set of TLS cipher suites. Thus the majority of
> GnuPG encryption users are out of luck.
Huh, that's interesting. I was not aware of this issue, and wish you had reached
out to me, or to support at keys.openpgp.org, or filed an issue on Hagrid.
> Even with the fear of padding oracles on CBC and old as well as a forthcoming
> attack, the restriction of the server to use only GCM based cipher modes is
> not helpful.
This BSI requirement was not known to me. While it would be preferable to stick
with AEAD ciphersuites, I would of course add another ciphersuite if you say you
consider this a worthwhile tradeoff.
It would be good to sort out the policy issue at some point as well, but
I understand that won't happen overnight.
- V
More information about the Gnupg-users
mailing list