[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
|
From: |
Andrew Gallagher |
|
Subject: |
Re: [Sks-devel] heads-up: another attack tool, using SKS as FS |
|
Date: |
Sat, 14 Jul 2018 12:29:54 +0100 |
> On 14 Jul 2018, at 09:34, Human at FlowCrypt <address@hidden> wrote:
>
> > > Could this be mitigated by validating email addresses as they come in?
>
> > No, because ID fields are not required to be email addresses.
>
> Then let's drop keys that don't contain a valid email address in the key id.
You do realise that the largest use case for PGP keys is package distribution,
and many well known package distributors deliberately use signing keys with no
email address?
A
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, (continued)
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Andrew Gallagher, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Human at FlowCrypt, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Robert J. Hansen, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Gabor Kiss, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Hendrik Visage, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Jeremy T. Bouse, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Tom at FlowCrypt, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Hendrik Visage, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS,
Andrew Gallagher <=
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Human at FlowCrypt, 2018/07/14