SKS and GnuPG related issues and possible workarounds
Ryan McGinnis
ryan at digicana.com
Wed Jul 3 19:26:25 CEST 2019
To be fair, that bookshelf got pointed out like a decade ago. It’s just that resources to build a new one never materialized.
While pointing out a problem by doing a targeted demonstration attack is about as aggressively black hat as it gets, it’s hard to not expect it. Even big white hat boys like Project Zero give 90 days to fix an issue before publishing (and once published, you can assume the exploit will be used in the wild.) Pining for a simpler time when people didn’t try to exploit other people and systems is silly because those times never existed - it’s just that there didn’t use to be such significant value attached to software systems so the only people who carried out attacks were nerds doing it for the lulz. (Well, the ROTFLs back then, I guess.) Sure, nobody could anticipate contemporary attacks a decade ago, but that seems more a cautionary tale against allowing non-serviceable abandonware to run critical systems. If any 15 year old script kiddie can easily bring your whole heavily relied-upon system down, then having someone pull back the curtain on the wizard seems like an understandable choice, even if it’s a bit of a jerk move.
But yeah, that said — don’t kick the bookshelf over. :) Just hope that in the meantime nobody figures out a way to profit or benefit somehow from doing so.
-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, July 3, 2019 9:18 AM, Andrew Gallagher <andrewg at andrewg.com> wrote:
> On 03/07/2019 15:00, Stefan Claas via Gnupg-users wrote:
>
> > If I had time and money I would hire a lawyer, would formulate a letter
> > for SKS operators stating that I request the removal of my pub key data
> > and would as EU citizen refer in this letter to our GDPR.
> > Maybe, if time allows, I may check with EFF and their lawyers ...
>
> Would you mind waiting for the replacement system to be fully tested and
> migrated before setting fire to the old one?
>
> There's a scene in the classic comedy Father Ted, where a visitor to the
> parochial house starts complaining about the build quality of the
> bookshelves, and to prove his point he pulls them to pieces. "Look at
> that, it's falling apart!" [1]
>
> Just because something is broken does not mean you are obliged to kick
> it over to prove the point.
>
> [1] https://vimeo.com/108169770
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Andrew Gallagher
>
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
To
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - ryan at digicana.com - 0x5C738727.asc
Type: application/pgp-keys
Size: 3215 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/fb69a523/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/fb69a523/attachment-0001.sig>
More information about the Gnupg-users
mailing list