On Fri, 2019-06-14 at 11:56 +0100, Damien Goutte-Gattat via Gnupg-users wrote: > Hi, > > On Fri, Jun 14, 2019 at 10:12:51AM +0200, Oscar Carlsson via Gnupg-users > wrote: > > I'm generally curious on your opinions on the latest new keyserver, > > this time running a new software than the normal keyservers. > > For what it's worth, my main concern is that it is a centralized > service. > > This puts whoever is running keys.openpgp.org in a uniquely good > position to do Bad Things™. Of course I don't expect they would, but the > point is, they could (or they could be forced to).
To be honest, I've been considering similar problems with SKS lately and I don't really think a distributed service such as SKS is any better in this regard. Given that SKS pool is entirely open, it is rather trivial for a single malicious entity to set multiple new keyservers up, and gain advantage over other servers in the pool. In fact, this is probably easier than corrupting the single central server. -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
