Hi Stefan.

On Sunday, 16.12.2018, 22:06 +0100, Stefan Claas wrote:
> On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote:
> > On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote:
> > > My proposal could be run also in parallel. I think it would be
> > > only a weekend job for a programmer to modify the server code,
> > > so that it accepts only incoming and verified email and not web
> > > or GnuPG via Tor submissions.
> >
> > A weekend job... Muhahahahahahaha, you don't do much programming,
> > do you? One would have to write an email bot, change the
> > keyserver code to no longer accept submissions via HKP, then it
> > would be necessary to disable HKP for upload in GnuPG to avoid
> > broken Clients and so on.
>
> While testing today how to make someone's pub key non-importable,
> non-receivable, with an evil version of GnuPG, I am wondering about
> the following:
>
> Is it not possible that for pub key submissions GnuPG could be
> installed on key servers to check if the key material is valid, prior
> keys got added?

This would be possible for sure. Most servers I know run on Linux, GPG
should be installed anyways. The simplest way would be to store the key
temporarily, try to import it into a dummy keyring and check the
success/failure of the import. On success, use the key; on failure,
reject it.

> My test today showed me that it looks like that GnuPG is not used on
> key servers.

That's true. I also don't know a server doing it this way, but it would
be possible without the need to break the actual HKP.

> In case if there would be email submissions possible, in the future,
> I think it could work something like this: Install postfix and
> procmail, while procmail would pipe that message to gnupg for
> verification of valid key data, prior the pub key gets added to the
> pool.

This would be possible, too. Years ago there was an email submission
possibility. Some mail clients even had a menu item to add the ASCII
armoured key into the mail body. But these functions have gone years
ago. I think nobody really used it, so it was abandoned.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
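The check described in the reply above (store the submitted key temporarily, import it into a dummy keyring, accept only on success), sketched as an added example that is not part of the original message or of any keyserver's code. It assumes GnuPG 2.x is installed as `gpg`; the function name `check_submission` is hypothetical.

```shell
#!/bin/sh
# Added example: validate a submitted public key by importing it into a
# throwaway keyring. Assumes GnuPG 2.x is available as "gpg".
#
# check_submission FILE
#   prints the fingerprint of every key gpg accepted and returns 0,
#   or prints nothing and returns 1 if gpg imported no key from FILE.
check_submission() {
    keyfile=$1

    # Fresh, private GnuPG home directory: this is the "dummy keyring".
    # It is deleted again below, so the server's real keyring is never touched.
    tmphome=$(mktemp -d) || return 1

    # --status-fd 1 writes machine-readable "[GNUPG:] ..." lines to stdout.
    # The exit code alone is not used as the verdict; the status lines are.
    status=$(gpg --homedir "$tmphome" --batch --no-tty \
                 --status-fd 1 --import "$keyfile" 2>/dev/null) || true

    rm -rf "$tmphome"

    # One "[GNUPG:] IMPORT_OK <reason> <fingerprint>" line is emitted per key
    # that gpg parsed and actually stored. No such line means no usable key.
    fprs=$(printf '%s\n' "$status" | awk '$2 == "IMPORT_OK" { print $4 }')

    [ -n "$fprs" ] || return 1
    printf '%s\n' "$fprs"
}

# Example use in a submission handler (the pool-insertion step is a placeholder):
#   if fpr=$(check_submission /path/to/submitted.asc); then
#       echo "accept $fpr"      # hand the key to the server's own storage here
#   else
#       echo "reject: gpg could not import the submission"
#   fi
```

For the e-mail variant mentioned in the thread, the same function can be called from the delivery filter after the message body has been written to a temporary file.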