Re: [Sks-devel] nokeyserver annotation
From: Vincent Breitmoser
Subject: Re: [Sks-devel] nokeyserver annotation
Date: Tue, 20 Dec 2016 19:34:12 +0100
User-agent: NeoMutt/20161104 (1.7.1)
Kristian Fiskerstrand(address@hidden)@Tue, Dec 20, 2016 at 07:31:35PM +0100:
> On 12/20/2016 07:29 PM, Vincent Breitmoser wrote:
> >> Without verifying the signature this opens up for a DoS on users
> >> expecting to distribute the keys, e.g. in case of a revocation certificate.
> >
> > I'm not sure how, could you quickly describe the scenario you have in
> > mind?
>
> If any third party can add a non-verified signature that effectively
> either stops updates of or deletes the key from a server?
They can't - the cert won't be accepted. Keys are never "deleted" from
the server, since if they have such a cert they just won't be accepted in
the first place. Unless you're talking about my own keyring and
preventing me from uploading that way, in which case my local client better
check all self certs before exporting (and it's a lost cause anyways) :)
- V