-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, 30 Jun 2019, Andrew Gallagher wrote:
On 2019/06/30 11:49, Mirimir via Gnupg-users wrote:
It would stop when certs can no longer be poisoned. And I don't see the
downside. I mean, what good does it do to have people downloading keys
that break their stuff?
I don't see that as "doing the bad guys’ work for them". I see it as
preventing bad guys escalating from hurting a few people to doing
serious damage. That's not "punishing the victim".
It prevents escalation, yes. But at the expense of exiling the targeted
people from the network - which may well be the attacker's real intent.
Any "solution" that turns a general problem into a problem for a small
number of *specific individuals* is not a solution, it's a lynching. I'm
sure those specific individuals will be thankful that they've been
thrown under the bus for the greater good. I'm sure nobody else will be
looking over their shoulder wondering whether they'll be next.
We solve this issue for *everyone*, or we all go home.
--
Andrew Gallagher
Hi,
maybe I don't get the original idea - but I thought, it was to block
*uploads/updates* which would poisson a certificate - not to blackhole
them after they got poissoned?
cheers,
Erich
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl0YwjkACgkQCu7JB1Xa
e1ozlA/+O7leg3qYlW1KO8+z1cE2IDe03CDUYX1PovzIpbxSiSYREEqbcJJkelqv
Bp1h8LZKUZuRNYIHD7NbFYMSUMaJTpI6S1p3stN214cK5vqY01x6ncEMvtpHJTGK
/87VtN+g+9qch59lCAZMjOrVtrgW0R5AqCsjIisPFAPyAHjNYF+EjQ5xQkYfVq35
ny4TJXjSBjCzFO8+OcUW5ThHGwIq5CL6CW5PFmPDtkzIdI/yPowq20BWHz/AGiSq
uxe32hKyJXNABe0Ow73NB4IOK8GrlGuUs2WAoMDKfQaBdNNguqgf8rSP52BLhtUT
wY1xI2f/6mpi7Ygrwqnw6kIHEvhFAVR5T3KobLERn7B9uiXlBAp+PVIc/QDuPFG5
dVMgBacuGdXXM+dpjGKYbDVi1WYVr5JyqeJwNOiC/0fyNgO69HQGmSPPsFFauo9s
i2pbVO/cv9X/aF9KLCcBbMP/nKHokLnShU3xAoIinFdGHN68iFVCPGlQhLwGlpMN
0Xq52TVjlpwt8OtEak0GIPhdyXQQkLrZnsDc2sB6s99u8R0L78KFoWAorvTDP9Hb
o8+rz93AZxiObn9q2iTKYve0tWLuvTUTiTmgd42I2qFLNIfGLQCBtkqpcgBje4AK
S6mrCP8AMrdhO3bOU1bdarN4FEonV6DUHAk8aMiqbwp1quAyHaw=
=+Lsx
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
