[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Blacklisting on UID?

From: Hendrik Visage
Subject: Re: [Sks-devel] Blacklisting on UID?
Date: Wed, 29 Aug 2018 19:46:17 +0200

Hi Thorsten,

 I believe the problem have been highlighted that the SKS keyservers are a very easily abused infrastructure with things like the photos etc.
not to mention big keys that caused other denial of service type attacks on the server infrastructure.

 The question perhaps, is:
 How critical is this SKS type infrastructure for whom?

 It’s not DNS nor BGP type critical for the internet, so who do feels this is critical? 
And if it is critical for somebody, those somebodies might need to put up their hands and start to perhaps rethink the keys, the infrastructure, 
consider what have been learned recently etc. and then we might have a way to go forward in a bit more “protected way.

Just these few months I’ve been “involved”, I noticed the following:

- the keys might need to be formally specified -> how do you chec that is acually a proper key??
-  size and format of userID etc.
- images might need to be dropped.
- filters for EU/etc. privacy specifications??

So yes, things like the magnet URIs might just be getting more prolific until we might need to be forced to shutdown ;( 

On 29 Aug 2018, at 18:52 , Thorsten Bro | openSUSE Heroes <address@hidden> wrote:

Hi all,

I read this just yesterday and checked it on our instance - and
unfortunately - I found a lot of magnet URIs on our keyserver.

This might be a copyright problem for organizations and companies
running SKS keyservers and I have an evaluation ongoing if openSUSE can
still provide an SKS keyserver if we face this issue.

Are there any plans for blacklisting or filtering specific GPG UIDs by
pattern in the sks server or database?



Thorsten Bro <address@hidden>
- Member of openSUSE Heroes -

Sks-devel mailing list

Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192

Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to

[Prev in Thread] Current Thread [Next in Thread]