sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Oh, Jeeez...!

From: Pascal Levasseur
Subject: Re: [Sks-devel] Oh, Jeeez...!
Date: Fri, 27 May 2016 13:54:50 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 

Le 26/05/2016 18:51, Robert J. Hansen a écrit :
>> The administrators of the SKS servers should be able to choose the level
>> of complexity of the proof of work using a parameter in the SKS server
>> configuration file.
> 
> No, they shouldn't.  Think about it.  If you're an attacker looking to
> bypass this mechanism, what do you do?  You find the keyserver operator
> with the lowest proof-of-work, upload there, and bam, they're propagated
> to the high proof-of-work servers.
> 
> The proof-of-work required through the system is the *lowest* of all the
> keyserver operators.
> 

Let's have a look at Hashcash as a POW mechanism.

Suppose we add a POW data to the PGP key data transaction request

We can use the number of 0 in the 160-bit SHA-1 hash as the level of
complexity indicator.

The servers who receive a request from an user software to add a key can
easily check the number of zero to find the level of POW and accept or
not the request.

The same mechanism can be used between servers for database reconciliation.

Please feel free to find the weaknesses in this suggestion !!!

Pascal

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]