Re: [Sks-devel] Proposal: Start verifying self-signatures

[Robert J. Hansen]

> Uploading user attribute packets with bogus self-signatures is 
> probably the easiest way to DoS the entire keyserver network.

No.  No, it's not.

The easiest way is to add a single child porn image to a UID and upload
it to the keyserver, and watch as worldwide every keyserver operator
either takes down their server, keeps it up but cooperates strongly with
authorities, or gets arrested.

The *next*-easiest way is to start filing EU data privacy directives.
For the price of a postage stamp you can take EU keyservers offline.
This has already been done successfully (see Peter Palfreder as an
example).  If I were in the EU, I would be far more concerned with this
than with maliciously large user attributes.

Why would I use your mechanism when I can just write a letter and take
down any keyserver in the EU?  And if I'm enough of a sociopath as to
want to take down the entire keyserver network, why would I be dissuaded
by the prospect of needing to acquire just one child porn image to make
my attack successful?

Call this the Ivory Fallacy.  When academics and theoreticians think
like rogues, we tend to imagine academic and theoretical rogues.  But
rogues are generally quite pragmatic people, and in many ways more
clever than we are.  "Upload a 1TiB image?  Come on, man.  You can do
better than that."

> Are we just going to wait around until someone starts doing this? We
>  can solve these vulnerabilities now.

When people start talking about the urgency of immediate action, my
skepticism alarm triggers.  In my experience, frying pans without fires
are few and far between.

smime.p7s
Description: S/MIME Cryptographic Signature