|From:||Tom at FlowCrypt|
|Subject:||Re: [Sks-devel] heads-up: another attack tool, using SKS as FS|
|Date:||Sat, 14 Jul 2018 04:00:02 +0000|
> IMHO Photo-ID should be dropped entirely, I see no point and its just
> ripe for abuse like this..
Unfortunately, we really can't. They've been part of OpenPGP
certificates for just about twenty years now. They are an expected part
of the certificate. Users already scream bloody murder about GnuPG and
Enigmail dropping support for SE packets and those have been deprecated
since 2003. The idea of just waving a wand and getting rid of a
non-deprecated part of a public key is just ... no.
Is it technically possible? Yes. But it would require a significant
amount of redesign: we'd have to parse out the key, recognize images,
drop them, etc. Right now SKS does *zero* cryptographic verification of
the key data; we'd need to change SKS to introduce at least some crypto
Is it possible without facing a user revolt? No.
Sks-devel mailing list
|[Prev in Thread]||Current Thread||[Next in Thread]|