sks-devel

Re: [Sks-devel] Deleting or Hiding of Keys


From: Seth Hardy
Subject: Re: [Sks-devel] Deleting or Hiding of Keys
Date: Thu, 9 Jun 2005 10:29:19 -0400

> - Keys may even contain worse. Keyservers do not really
>   check the contents of the keys, so anyone may send
>   additional packets (not even constrained to his own
>   key). I can imagine a little perl script adding some
>   naughty images to every key on the keyserver... ;-)

*cough*

i haven't written a script to add naughty images (but thanks for the
idea! ;), but i do have scripts for doing other sorts of similar
nastiness. actually mentioned a number of these obnoxious "attacks" on
the keyserver network in a talk i gave at the ccc congress this past
year.

> - So I guess, what we do need is a means to remove keys
>   from the keyservers. It may be sufficient to only hide
>   them (which could prove to be much easier to implement
>   with regard to the syncing mechanisms).

the pgp global directory is doing this already. their take on the 
problem is just to verify via email address -- so this is only really 
useful if you're using the key for email, and it breaks if you lose 
access to your email account. basically if you want your key removed, 
they verify you by email. they also do periodic pings of all people in 
the keyserver to see if they're still alive, and prune people who don't 
respond (in 6 month intervals).

this opens up other problems... what if you lose access to the email 
account? what if someone forges or intercepts email? etc. but the 
options you have if you've lost your secret key are somewhat limited, so 
it may be an acceptable tradeoff for some/most people.

- seth

-- 
seth hardy: address@hidden * 617.650.xxxx * www.aculei.net/~shardy
(gpg - 0x5E345628): BF63 A0A7 3BCA 1D7D EDE1 63BF 46FB 95D9 5E34 5628
            "Never offend people with style when you
               can offend them with substance." -- Sam Brown
