[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Keyserver flooding attack: mitigation straw-man
|
From: |
compuguy |
|
Subject: |
Re: [Sks-devel] Keyserver flooding attack: mitigation straw-man |
|
Date: |
Wed, 10 Jul 2019 07:49:15 -0700 (MST) |
Yegor Timoshenko wrote
>
> I think the logical continuation of your idea is to convert SKS
> dump to a Git repo and serve keys from there and accept any
> modifications to it via pull requests from that point forward.
> I'd guess that many SKS operators would switch to plain-text
> database as source of truth, as a transparent forkable medium. It
> does require human resources to keep up however, and quite likely
> I underestimate the scale of things.
>
> TLDR: This is an improvement, but it won't stop any malicious
> attacker (i.e. anyone who wants to take down SKS, either by
> flooding or poisoning all keys or by abusing denial-of-service
> issues in gossip protocol).
I think the git repo proposal is the best way forward. The current way the
SKS Keyservers propagate changes is way to vulnerable to abuse/DoS.
-compuguy
--
Sent from: http://nongnu.13855.n7.nabble.com/SKS-Devel-f83255.html