Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

From:

Ryan Hunt

Subject:

Date:

Fri, 13 Jul 2018 21:22:33 -0600

IMHO Photo-ID should be dropped entirely, I see no point and its just ripe for abuse like this.. We should not be relying on that w/cryptography.. If I’m going to sign your key and validate I know you then I should be validating your the holder of that private key with an exchange first (much like I am proposing with adding your key to SKS network).. then really what does it matter what image is stored with the public key after that since the private key holder could manipulate that. Honestly it was eons ago when I last went to a key signing, but the few I did go to back in my College days never required a photo in the public key.

-Ryan

On Jul 13, 2018, at 9:01 PM, Tom at FlowCrypt <address@hidden> wrote:

> that would probably be an incomplete mitigation:

Sounds better than no solution!

> -people can use the photo id field instead

Size limit can be enforced.

> -people can use valid e-mail addresses under an own domain ("catch-all")

As long as it can validate, seems fine to me. Better than no verification.

> -your keyserver suddenly can be abused for email spamming

Any online service that allows registrations can be abused for email spamming, if you consider registration emails an "email spam".

--------

Another limitation: you cannot apply the email verification process to the recon algo, because the user would get flooded with verification emails. That means you could have a malicious SKS implementation flooding others with non-verified emails. Again, not perfect, but a good start.

On Sat, Jul 14, 2018 at 2:50 AM, Tobias Frei <address@hidden> wrote:
Hi Ryan,

that would probably be an incomplete mitigation:

-people can use the photo id field instead
-people can use valid e-mail addresses under an own domain ("catch-all")
-your keyserver suddenly can be abused for email spamming

Best regards
Tobias Frei

Am 14.07.2018 um 02:57 schrieb Ryan Hunt:

Could this be mitigated by validating email addresses as they come in? Like sending an encrypted mail to the said address with a return token, If the token is not provided the key is never put into the SKS rotation?

I think a solution like this would be much more effective, and if there was some desire to conform to GDPR at some point it would be pretty much required first step because I cannot see how we could possibly remove keys without a command signed by that key, and putting this in place would make that ‘no more difficult to remove than it was to add’..

Regards,
-Ryan Hunt

On Jul 13, 2018, at 11:20 AM, Phil Pennock <address@hidden> wrote:

Signed PGP part
Heads-up:

https://medium.com/@mdrahony/are-pgp-key-servers-breaking-the-law-under-the-gdpr-a81ddd709d3e
https://github.com/yakamok/keyserver-fs
https://lobste.rs/s/sle0o4/are_pgp_key_servers_breaking_law_under

This `keyserver-fs` is software to attack SKS, using it as a filesystem, in
what appears to be a deliberate attack on the viability of continuing to
run a keyserver.

The author is upset that there's no deletion, so is pissing in the pool.

-Phil

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel