[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
From: |
Ryan Hunt |
Subject: |
Re: [Sks-devel] heads-up: another attack tool, using SKS as FS |
Date: |
Fri, 13 Jul 2018 18:57:10 -0600 |
Could this be mitigated by validating email addresses as they come in? Like
sending an encrypted mail to the said address with a return token, If the token
is not provided the key is never put into the SKS rotation?
I think a solution like this would be much more effective, and if there was
some desire to conform to GDPR at some point it would be pretty much required
first step because I cannot see how we could possibly remove keys without a
command signed by that key, and putting this in place would make that ‘no more
difficult to remove than it was to add’..
Regards,
-Ryan Hunt
> On Jul 13, 2018, at 11:20 AM, Phil Pennock <address@hidden> wrote:
>
> Signed PGP part
> Heads-up:
>
> https://medium.com/@mdrahony/are-pgp-key-servers-breaking-the-law-under-the-gdpr-a81ddd709d3e
> https://github.com/yakamok/keyserver-fs
> https://lobste.rs/s/sle0o4/are_pgp_key_servers_breaking_law_under
>
> This `keyserver-fs` is software to attack SKS, using it as a filesystem, in
> what appears to be a deliberate attack on the viability of continuing to
> run a keyserver.
>
> The author is upset that there's no deletion, so is pissing in the pool.
>
> -Phil
>
>
- [Sks-devel] heads-up: another attack tool, using SKS as FS, Phil Pennock, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Matthew Walster, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS,
Ryan Hunt <=
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Tobias Frei, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Tom at FlowCrypt, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Ryan Hunt, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Robert J. Hansen, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Ryan Hunt, 2018/07/13
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Robert J. Hansen, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Kiss Gabor (Bitman), 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Robert J. Hansen, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Tom at FlowCrypt, 2018/07/14
- Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, Andrew Gallagher, 2018/07/14