On 06/30/2019 01:34 AM, Andrew Gallagher wrote:
> 
>> On 30 Jun 2019, at 09:19, Robert J. Hansen <r...@sixdemonbag.org> wrote:
>>
>> The next version of Enigmail will no longer use the SKS network by
>> default.  Great!  But what about existing Enigmail users?  They'll see a
>> signature, click "Import Key", and ... bam.  They're likely not going to
>> think that someone's performing a malicious attack by poisoning
>> certificates: they're going to think "this is crap" and walk away.
> 
> Thankfully there is a practical - if drastic - solution for all OpenPGP users 
> everywhere. Point pool.sks-keyservers.net (and its various aliases) somewhere 
> else. The question is where to and how soon.
> 
> A

This is undoubtedly a naive question. But anyway, would it be feasible
to test keys by importing them, and seeing which ones break OpenPGP?
Maybe do it in minimal Docker containers? And then somehow block access
to those keys?

Or is blocking just as impossible as deleting?

I know that wouldn't help people whose keys had been poisoned. But at
least it would help protect complex systems that rely on OpenPGP.

And if resource requirements would be impossible, what about focusing on
the most important keys? For key packages, say.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
