[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

From: Ryan Hunt
Subject: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Date: Fri, 13 Jul 2018 21:58:51 -0600

Does a user revolt even matter as the SKS pool is dismantled by continuous 

I think a significant amount of redesign is required to save the SKS network at 
this point, the crusades against SKS have just been ratcheting up and they are 
winning IMO, I dropped my server from the pool eons ago because of how much 
time was required to keep my server alive and healthy, it was like having a 
toddler that never ever grew up.. Sooner or later you guys need start looking 
forward, if mistakes were made in the past ignoring them is not going to solve 

Over a decade ago we were all discussing what would happen if child pornography 
was uploaded to the pool, and here we are still with our heads stuck in the 
sand.. IMHO its about time we just nuked that issue from orbit. Ignore the 
users, your the sysops.. Either SKS will die, or the entire thing is going to 
have to be scrapped and redesigned with something that can permit removal of 
keys, or drop all support for images and start validating key holders.. none 
are ideal, but one is pretty clearly better than the others to me.


> On Jul 13, 2018, at 9:37 PM, Robert J. Hansen <address@hidden> wrote:
>> IMHO Photo-ID should be dropped entirely, I see no point and its just
>> ripe for abuse like this..
> Unfortunately, we really can't.  They've been part of OpenPGP
> certificates for just about twenty years now.  They are an expected part
> of the certificate.  Users already scream bloody murder about GnuPG and
> Enigmail dropping support for SE packets and those have been deprecated
> since 2003.  The idea of just waving a wand and getting rid of a
> non-deprecated part of a public key is just ... no.
> Is it technically possible?  Yes.  But it would require a significant
> amount of redesign: we'd have to parse out the key, recognize images,
> drop them, etc.  Right now SKS does *zero* cryptographic verification of
> the key data; we'd need to change SKS to introduce at least some crypto
> support.
> Is it possible without facing a user revolt?  No.
> _______________________________________________
> Sks-devel mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]