Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

From:	Human at FlowCrypt
Subject:	Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Date:	Sat, 14 Jul 2018 16:34:11 +0800

> > Could this be mitigated by validating email addresses as they come in?

> No, because ID fields are not required to be email addresses.

Then let's drop keys that don't contain a valid email address in the key id.

We should want to solve this, not stick our heads in the sand.

On Sat, Jul 14, 2018, 14:56 Andrew Gallagher <address@hidden> wrote:

> On 14 Jul 2018, at 01:57, Ryan Hunt <address@hidden> wrote:
>
> Could this be mitigated by validating email addresses as they come in?

No, because ID fields are not required to be email addresses.

A

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS, (continued)

Prev by Date: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Next by Date: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Previous by thread: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Next by thread: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Index(es):
- Date
- Thread