[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Keyserver flooding attack: mitigation straw-man

From: compuguy
Subject: Re: [Sks-devel] Keyserver flooding attack: mitigation straw-man
Date: Wed, 10 Jul 2019 07:49:15 -0700 (MST)

Yegor Timoshenko wrote
> I think the logical continuation of your idea is to convert SKS
> dump to a Git repo and serve keys from there and accept any
> modifications to it via pull requests from that point forward.
> I'd guess that many SKS operators would switch to plain-text
> database as source of truth, as a transparent forkable medium. It
> does require human resources to keep up however, and quite likely
> I underestimate the scale of things.
> TLDR: This is an improvement, but it won't stop any malicious
> attacker (i.e. anyone who wants to take down SKS, either by
> flooding or poisoning all keys or by abusing denial-of-service
> issues in gossip protocol).

I think the git repo proposal is the best way forward. The current way the
SKS Keyservers propagate changes is way to vulnerable to abuse/DoS.


Sent from:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]