On 2014-10-18 at 22:25 -0700, Daniel Roesler wrote:
> Howdy all, as always, if this is off topic, please direct me to the
> appropriate mailing list.
>
> Today I randomly visited http://keys.gnupg.net/, which appears to be
> loading various compromised and broken pages[1][2], which was
> confirmed by Zaki and Rhodey[3].

If you want specific help on HKP keyservers, the normal discussion
mailing-list is <[email protected]> -- this list has operators and
developers on it.

More context: keys.gnupg.net points to pool.sks-keyservers.net which is
round-robin DNS across a bunch of keyservers which exchange keys via the
SKS peering protocol, as implemented in two codebases, SKS (written in
OCaml) and Hockeypuck (written in Golang). There is no background
checking of the people running the keyservers.

https://sks-keyservers.net/ is Kristian Fiskerstrand's site on the pool
software which he maintains -- he runs the DNS and ultimately decides
which features/versions are required to go into pool.sks-keyservers.net.
You should probably read the overview and look over the status pages.

Resources which might be of interest:

What PGP keyservers exist:
  http://people.spodhuis.org/phil.pennock/pgp-keyservers

What's involved in running an SKS keyserver:
  https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

SKS mailing-list:
  https://lists.nongnu.org/mailman/listinfo/sks-devel

Me writing on the threat model of PGP keyservers:
  http://lists.gnu.org/archive/html/sks-devel/2014-08/msg00054.html

> keys.gnupg.net is the default keyserver for which GPG on my Xubuntu
> 14.04 sends and receives keys, so I'd presume this is not expected
> behavior.

The security model of PGP is based around signatures on keys, not upon
the transport or origin of the keys.

> What can we do to make keys.gnupg.net switch to https or at least make
> things more stable? With all the discussion about PKI on this list, I
> figure there's bound to be some good ideas.

Look through the sks-devel list archives.

-Phil
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
