Flooding attack against synchronising keyservers

[Andrew Gallagher]

Hi, everyone.

The synchronising keyserver network has been under an intermittent flooding 
attack for the past five days, resulting in the addition of approximately 3 
million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are 
currently being submitted multiple times per second via a large number of Tor 
exit relays, making them difficult to block using normal abuse mitigations. If 
unaddressed, this will eventually fill up the disk of all public synchronising 
servers.

Effective immediately, pgpkeys.eu has been temporarily disconnected from all 
its peers, and is blocking all key submissions. It will remain available for 
key lookups but will not allow key updates while the flooding attack continues.

I strongly recommend that other keyserver operators take similar measures, 
until a more permanent solution can be deployed.

A

signature.asc
Description: Message signed with OpenPGP