
Re: [Sks-devel] Proposal: Start verifying self-signatures


From: Daniel Roesler
Subject: Re: [Sks-devel] Proposal: Start verifying self-signatures
Date: Mon, 18 May 2015 14:11:03 -0700

We're getting fairly deep into flamewar territory, so I'm going to try
and be as calm and reasonable as possible in my responses. I kindly
ask for calm and reason in return.

On Mon, May 18, 2015 at 1:14 PM, Robert J. Hansen <address@hidden> wrote:
>> Uploading user attribute packets with bogus self-signatures is
>> probably the easiest way to DoS the entire keyserver network.
>
> No.  No, it's not.
>
> The easiest way is to add a single child porn image to a UID and upload
> it to the keyserver, and watch as worldwide every keyserver operator
> either takes down their server, keeps it up but cooperates strongly with
> authorities, or gets arrested.


Your tactic adds much, much more significant legal risk since you
could be arrested for sexual offenses (very long prison sentence plus
lifelong branding). Most troll organizations don't cross this line,
and take more technical approaches to DoS'ing a system.

This proposal assumes that the threat model is more of trolls than
sociopaths, so your kind of attack isn't in scope.

>
> The *next*-easiest way is to start filing EU data privacy directives.
> For the price of a postage stamp you can take EU keyservers offline.
> This has already been done successfully (see Peter Palfrader as an
> example).  If I were in the EU, I would be far more concerned with this
> than with maliciously large user attributes.

Many servers are not located in the EU, so this would not DoS the
keyserver system.

>
> Why would I use your mechanism when I can just write a letter and take
> down any keyserver in the EU?  And if I'm enough of a sociopath as to
> want to take down the entire keyserver network, why would I be dissuaded
> by the prospect of needing to acquire just one child porn image to make
> my attack successful?
>
> Call this the Ivory Fallacy.  When academics and theoreticians think
> like rogues, we tend to imagine academic and theoretical rogues.  But
> rogues are generally quite pragmatic people, and in many ways more
> clever than we are.  "Upload a 1TiB image?  Come on, man.  You can do
> better than that."

You seem to have fallen back on the "let's do nothing, as this single
one proposal does not protect us from *all* evil" that Arnold
previously mentioned.

I believe the threat model (trolls) is valid, and have offered a
proposal to mitigate some attacks that are likely from this threat
model.

>
>> Are we just going to wait around until someone starts doing this? We
>>  can solve these vulnerabilities now.
>
> When people start talking about the urgency of immediate action, my
> skepticism alarm triggers.  In my experience, frying pans without fires
> are few and far between.

As mentioned in the first post in this thread, this proposal was
triggered by a troll inserting an easily factored RSA subkey in hpa's
public key with an invalid self signature. So this type of attack and
proposal does have precedent.

>
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>


