Re: [Sks-devel] heads-up: another attack tool, using SKS as FS


From: Ryan Hunt
Subject: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Date: Fri, 13 Jul 2018 21:58:51 -0600

Does a user revolt even matter as the SKS pool is dismantled by continuous 
attacks?

I think a significant amount of redesign is required to save the SKS network at 
this point, the crusades against SKS have just been ratcheting up and they are 
winning IMO, I dropped my server from the pool eons ago because of how much 
time was required to keep my server alive and healthy, it was like having a 
toddler that never ever grew up.. Sooner or later you guys need to start looking 
forward, if mistakes were made in the past ignoring them is not going to solve 
anything.

Over a decade ago we were all discussing what would happen if child pornography 
was uploaded to the pool, and here we are still with our heads stuck in the 
sand.. IMHO it's about time we just nuked that issue from orbit. Ignore the 
users, you're the sysops.. Either SKS will die, or the entire thing is going to 
have to be scrapped and redesigned with something that can permit removal of 
keys, or drop all support for images and start validating key holders.. none 
are ideal, but one is pretty clearly better than the others to me.

-Ryan

> On Jul 13, 2018, at 9:37 PM, Robert J. Hansen <address@hidden> wrote:
> 
>> IMHO Photo-ID should be dropped entirely, I see no point and it's just
>> ripe for abuse like this..
> 
> Unfortunately, we really can't.  They've been part of OpenPGP
> certificates for just about twenty years now.  They are an expected part
> of the certificate.  Users already scream bloody murder about GnuPG and
> Enigmail dropping support for SE packets and those have been deprecated
> since 2003.  The idea of just waving a wand and getting rid of a
> non-deprecated part of a public key is just ... no.
> 
> Is it technically possible?  Yes.  But it would require a significant
> amount of redesign: we'd have to parse out the key, recognize images,
> drop them, etc.  Right now SKS does *zero* cryptographic verification of
> the key data; we'd need to change SKS to introduce at least some crypto
> support.
> 
> Is it possible without facing a user revolt?  No.

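The step described in the quoted reply ("parse out the key, recognize images, drop them") can be illustrated at the packet level. This is an added example, not code from SKS or from either poster: the function names and the sample bytes are constructed for illustration, and it relies only on RFC 4880 framing (User Attribute is packet tag 17, an image is subpacket type 1). Because it performs no cryptographic verification, it removes the signatures that follow a dropped attribute purely by packet order.

```python
# Added example, not SKS code. RFC 4880 framing only; no signature checks.
SIGNATURE, USER_ATTRIBUTE, IMAGE_SUBPACKET = 2, 17, 1
# Constructed sample (dummy bodies): key, user ID, sig, image attribute, sig.
SAMPLE = bytes.fromhex("990001aa" "b40161" "880102" "d1030201ff" "880103")

def new_len(buf, i):  # decode a new-format length; return (length, next index)
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled here")

def packets(buf):  # yield (tag, body, raw packet) from a binary, unarmored key
    i = 0
    while i < len(buf):
        start, hdr = i, buf[i]
        if not (hdr & 0x80) or (hdr & 0x43) == 0x03:
            raise ValueError("bad header or indeterminate length")
        if hdr & 0x40:                        # new-format header
            tag = hdr & 0x3F
            length, i = new_len(buf, i + 1)
        else:                                 # old-format: 1, 2 or 4 length octets
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            length, i = int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(buf):
            raise ValueError("truncated packet")
        yield tag, buf[i:i + length], buf[start:i + length]
        i += length

def has_image(body):  # does a User Attribute body hold an image subpacket?
    i = 0
    while i < len(body):
        length, i = new_len(body, i)          # length includes the type octet
        if length == 0 or i + length > len(body):
            raise ValueError("malformed user attribute subpacket")
        if body[i] == IMAGE_SUBPACKET:
            return True
        i += length
    return False

def strip_images(buf):  # drop image attributes and the signatures after them
    out, drop = bytearray(), False
    for tag, body, raw in packets(buf):
        drop = (tag == USER_ATTRIBUTE and has_image(body)) or (drop and tag == SIGNATURE)
        if not drop:
            out += raw
    return bytes(out)
```
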