From: Robert J. Hansen
Subject: Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?
Date: Sun, 27 May 2012 06:15:18 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1

On 5/27/12 5:50 AM, Giovanni Mascellani wrote:
> I'm just a newbie here, but actually I'd like to see the same concept
> applied in a more general way: I think there is much garbage in the
> keyservers, even behind the PGP robo-signer.

The problem here is this violates one of the principal design features
of the keyserver network:

"We never, never, never lose certificates."

It is preferable for a keyserver to outright go down than it is for even
one certificate to be lost. If a certificate is lost then a malicious
actor could re-upload another key with the same short ID (a very easy
thing to do), and that could facilitate all different kinds of attacks
on people who don't properly validity-check certificates before using them.

If the keyserver goes down then everyone knows in short order there's a
problem. If a certificate is lost and silently replaced it might be a
long time before being discovered. (Discovery is more likely if the
keyserver is synchronizing with others, but there are a lot of
standalone servers.)

Further, expired certificates are still useful. I have some emails more
than five years old that are still relevant and useful. If a
certificate gets removed just because it expires, how am I to check the
signature on those messages in order to ensure they haven't been
tampered with? If the expired certificate remains on the servers,
though, I can download it, validity-check it, and be confident in the
integrity of my message.

The same logic applies to revoked certificates: they're still useful for
the same reasons.

The keyservers never, never, never lose certificates. That's a design
goal and one that the SKS maintainers believe is a good one. I agree
with them, and want to see this design goal maintained in all future
development.

That said, welcome to the community, and please understand that although
I think your idea is awful I'm honestly happy to see you here. :) The
mailing list is a place where ideas come into violent collision, but we
try to be reasonable human beings to each other. Welcome!
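
The short-ID risk described in the message above, as an added example that is not part of the original post or of SKS: a Python check that flags certificates sharing a 32-bit short ID and accepts a key only on a full-fingerprint match. The listing and fingerprints are constructed and the function names are hypothetical; it assumes V4 keys, where the short ID is the last 8 hex digits of the 40-digit fingerprint.

```python
from collections import defaultdict

# Constructed sample, trimmed to the fpr/uid records of the colon format
# printed by `gpg --with-colons --fingerprint`. All fingerprints are made up.
SAMPLE_LISTING = """\
fpr:::::::::0123456789ABCDEF0123456789ABCDEF1A2B3C4D:
uid:-::::1262304000::::Alice Example <alice@example.org>:
fpr:::::::::FEDCBA9876543210FEDCBA98765432101A2B3C4D:
uid:-::::1335830400::::Alice Example <alice@example.org>:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:-::::1293840000::::Bob Example <bob@example.org>:
"""

HEX = set("0123456789ABCDEF")


def fingerprints(listing):
    """Return the fingerprint (field 10) of every fpr record, upper-cased."""
    found = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9:
            found.append(fields[9].upper())
    return found


def short_id_collisions(fprs):
    """Map each short ID shared by more than one distinct fingerprint to them."""
    by_short = defaultdict(set)
    for fpr in fprs:
        by_short[fpr[-8:]].add(fpr)
    return {sid: sorted(group) for sid, group in by_short.items() if len(group) > 1}


def matches_pinned(candidate, pinned):
    """Accept a certificate only if its full fingerprint equals the pinned one."""
    cand = "".join(candidate.split()).upper()
    pin = "".join(pinned.split()).upper()
    if len(pin) != 40 or not set(pin) <= HEX:
        raise ValueError("pin the full 40-hex-digit fingerprint, not a key ID")
    return cand == pin


if __name__ == "__main__":
    fprs = fingerprints(SAMPLE_LISTING)
    for sid, group in short_id_collisions(fprs).items():
        print(f"short ID {sid} is shared by {len(group)} certificates: {group}")
```

The two "Alice Example" certificates have the same short ID and user ID, so only the full-fingerprint comparison tells them apart.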