[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] new attack on sks keyserver ?
|
From: |
info |
|
Subject: |
Re: [Sks-devel] new attack on sks keyserver ? |
|
Date: |
Tue, 2 Jul 2019 06:33:58 -0400 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
* Stop serving poisoned certificates to any client (by configuring our
HTTP gateway with another URL blacklist, so that GETs for poisoned
keys are not allowed). I'm planning to use some of the existing DB
statistics scripts to extract the list of keys which have more than N
signatures (which N would be reasonable? 10? 30? 300?) - ONGOING
You can parse the key, strip out all 3rd party certifications (or all
except the first N), and store it stripped. Our keyserver does this.
Benefit - less data to manage. (I'd contribute the code but it's not
OCaml).
-----BEGIN PGP SIGNATURE-----
Version: FlowCrypt 6.8.6 Gmail Encryption
Comment: Seamlessly send and receive encrypted email
wsBcBAEBCAAGBQJdGzMWAAoJEA1WiOvzECvny2QH/RP0JW3rVi4db/RcYR/P
h7HZc5JoVYODNXwcpNMBFnleRViVoYa/a331jllajmi+3uXjN1tXt8jPENEq
rsR13b5y0hjbvUnhzXup5Us2t7PS0oV8HRnC6GGzdAEWSiK2SAC74lcJOJMg
YQjmHz+ZIxnJE3a2EaugdEsEEW20RRMlrDS104sBgEi0UbTV46yz2lwaofjD
LOhZmcZ0Wer4Fj8eCIxjLhSBJbcJKV3mlshLesQQ5P/JSNMM0K7TODnRbXYB
6bXsa9/1Q8CVkj5snBXixWpom1N4ZOaJkJONVhRuFK5a2fCUi1eZyQs1U8BK
RCiDCFza2AmBjcY0BZj0/dM=
=uaO2
-----END PGP SIGNATURE-----
0x0D5688EBF3102BE7.asc
Description: application/pgp-keys