[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] nokeyserver annotation
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] nokeyserver annotation |
Date: |
Tue, 20 Dec 2016 19:31:35 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
On 12/20/2016 07:29 PM, Vincent Breitmoser wrote:
>> Without verifying the signature this opens up for a DoS on users
>> expecting to distribute the keys, e.g in case of a revocation certificate.
>
> I'm not sure how, could you quickly describe the scenario you have in
> mind?
If any third party can add a non-verified signature that effectively
either stops updates of or deletes the key from a server?
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"A committee is a group that keeps minutes and loses hours."
(Milton Berle)
signature.asc
Description: OpenPGP digital signature
Re: [Sks-devel] nokeyserver annotation, Kiss Gabor (Bitman), 2016/12/20
Re: [Sks-devel] nokeyserver annotation, Daniel Kahn Gillmor, 2016/12/20
Re: [Sks-devel] nokeyserver annotation, Kim Minh Kaplan, 2016/12/22