> It is true the attacks were what brought it down, but the amount of effort 
> was not a "sustained
> attack" by any measure. The invested resources are somewhere around "couple 
> hours and $0.00".

I'm not sure that's true.

The keyserver poisoning attack was demonstrated first by EFF's Micah
Lee.  When he published his findings, he also published the Python
scripts necessary to execute the attack.

I don't know who the poisoner was.  However, if I were to do the
poisoning attack I certainly would've begun by downloading Micah's code
and adapting it to the task.  And for that reason I think it's entirely
reasonable to believe the keyserver poisoning attack was bootstrapped by
an EFF-funded research project which inappropriately released attack tools.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to