> It is true the attacks were what brought it down, but the amount of effort > was not a "sustained > attack" by any measure. The invested resources are somewhere around "couple > hours and $0.00".
I'm not sure that's true. The keyserver poisoning attack was demonstrated first by EFF's Micah Lee. When he published his findings, he also published the Python scripts necessary to execute the attack. I don't know who the poisoner was. However, if I were to do the poisoning attack I certainly would've begun by downloading Micah's code and adapting it to the task. And for that reason I think it's entirely reasonable to believe the keyserver poisoning attack was bootstrapped by an EFF-funded research project which inappropriately released attack tools. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users