From: Kiss Gabor (Bitman)
Subject: Re: [Sks-devel] heads-up: another attack tool, using SKS as FS
Date: Sat, 14 Jul 2018 07:07:55 +0200 (CEST)
User-agent: Alpine 2.11 (DEB 23 2013-08-11)

On Fri, 13 Jul 2018, Ryan Hunt wrote:

> Sooner or later you guys need
> to start looking forward, if mistakes were made in the past, ignoring them is not
> going to solve anything.

> Ignore the users, you're the sysops.. Either SKS will die, or the entire thing
> is going to have to be scrapped and redesigned with something that can permit
> removal of keys, or drop all support for images and start validating key
> holders.. none are ideal, but one is pretty clearly better than the others to
> me.

My 2 cents.

The current infrastructure must be wiped out. It is a dead duck.

In the new era key owners have to prove their identity. Practically
speaking, key servers accept only keys belonging to the strong set.
(At least in the first step.)
Moreover, key owners must add a UID with this text:

        "I want this key to be provided by public databases.
        I understand and I agree that it cannot be deleted any more."

And yes. Key servers have to do cryptographic operations.

Later, when we find a sophisticated algorithm, key deletion could be
triggered by adding another properly signed UID:

        "I want this key to be deleted from public databases.
        Thanks guys for your efforts. :-)"
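
A sketch of the acceptance rule proposed in the message above, as an added example that is not part of the original post and not SKS code: it walks the OpenPGP packets of a submitted key and only honours the consent or deletion UID when that UID's self-signature verifies. The function names, the exact-match comparison of the UID text, and the `selfsig_ok` callback (a hypothetical stand-in for the cryptographic check) are assumptions; strong-set membership is not checked here.

```python
from itertools import takewhile

# UID texts quoted in the message (whitespace normalised). Assumption: exact match.
CONSENT = ("I want this key to be provided by public databases. "
           "I understand and I agree that it cannot be deleted any more.")
DELETE = ("I want this key to be deleted from public databases. "
          "Thanks guys for your efforts. :-)")

def packets(data):
    """Yield (tag, body) per OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not a packet header")
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not handled")
        else:                                   # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def decide(keyblock, selfsig_ok):
    """Return 'delete', 'accept' or 'reject'; selfsig_ok is a hypothetical verifier."""
    try:
        pkts, signed = list(packets(keyblock)), set()
    except (ValueError, IndexError):
        return "reject"                         # malformed input
    if not pkts or pkts[0][0] != 6:             # must start with a Public-Key packet
        return "reject"
    for k, (tag, body) in enumerate(pkts):
        # Signature packets (tag 2) directly following this packet
        sigs = [b for t, b in takewhile(lambda p: p[0] == 2, pkts[k + 1:])]
        text = " ".join(body.decode("utf-8", "replace").split())
        if tag == 13 and text in (CONSENT, DELETE) and selfsig_ok(pkts[0][1], body, sigs):
            signed.add(text)
    return "delete" if DELETE in signed else "accept" if CONSENT in signed else "reject"
```

`selfsig_ok(primary_key_body, uid_body, signature_bodies)` must return True only when one of the signatures is a valid self-certification of that UID; without it, anyone could append the deletion UID to someone else's key.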



