SKS Keyserver Network Under Attack

Mirimir mirimir at riseup.net
Sun Jun 30 12:49:55 CEST 2019


On 06/30/2019 03:10 AM, Robert J. Hansen wrote:
>> Because a) it’s enumerating badness [1] but more importantly b) it’s
>> punishing the victim. Protecting the ecosystem by banning RJH and DKG’s
>> keys from the keyservers entirely is doing the bad guys’ work for them.

Currently, we know that three keys are bad. How soon do you think that
bad keys will outnumber good ones? Weeks? Months? Years?

> There's an important c):
> 
> c) what happens when they go after more certificates?
> 
> If you're willing to blackhole two certs, great.  Where does it stop?
> How many certs can the strong set stand to lose?

Your third point is actually why I suggested this. Maybe I'm just
twisted, but what if some dickhead goes after certs that would break
stuff for millions of people? One might, for example, block Linux kernel
maintenance and development. Maybe just before using some 0-day.

It would stop when certs can no longer be poisoned. And I don't see the
downside. I mean, what good does it do to have people downloading keys
that break their stuff?

I don't see that as "doing the bad guys’ work for them". I see it as
preventing bad guys escalating from hurting a few people to doing
serious damage. That's not "punishing the victim".

Also, I presume that key owners could temporarily disable signature
checking, delete malicious signatures, and put their keys on secure
keyservers. But until secure keyservers exist at requisite scale,
blackholing seems like the simplest option. If it's doable, anyway.



More information about the Gnupg-users mailing list