Re: recommendation for key servers

2021-06-27 Thread Jason Harris via Gnupg-users

There are still SKS servers running, but several are unsynchronized, including, 
apparently, pgp.mit.edu.  Of course, they have the same key import/poisoning 
problems already mentioned on these lists…

Here are the hockeypuck servers I could find, all synchronizing properly and 
apparently exchanging data (minus the unwanted packets) with the SKS servers 
that are synchronized:

http://keys.andreas-puls.de/pks/lookup?op=stats
http://keys2.andreas-puls.de/pks/lookup?op=stats
http://keys3.andreas-puls.de/pks/lookup?op=stats
http://pgp.cyberbits.eu/pks/lookup?op=stats
http://pgp.re:11371/pks/lookup?op=stats
https://pgpkeys.eu/pks/lookup?op=stats
https://keybath.trifence.ch/pks/lookup?op=stats
https://keyserver.trifence.ch/pks/lookup?op=stats

HTH.  (Please excuse the HTML.)

Sent from my iPad

> On Jun 24, 2021, at 7:19 PM, deloptes via Gnupg-devel wrote:
> 
> 
> Hi, we heard that sks-keyservers.net will be deprecated 
> so we were wondering what service we should use in the application default 
> settings
> We I mean TDE devs
> 
> where do we go from here?
> 
> thank you in advance
> BR
> ___
> Gnupg-devel mailing list
> gnupg-de...@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Difficulty of fixing reconciliation

2019-08-15 Thread Jason Harris via Gnupg-users

> On Aug 15, 2019, at 3:33 PM, Werner Koch wrote:
> 
> On Thu, 15 Aug 2019 00:02, gnupg-users@gnupg.org said:
> 
>> But at least then we will want to add cryptography to see which
>> selfsigs are truly legitimate, right?
> 
> That would be the first and most important step to get the keyservers
> back for the WoT

Actually, I think hockeypuck might be validating selfsigs already:

  https://github.com/hockeypuck/openpgp/blob/v1/pubkey.go

when it calls CheckSig().

(It isn’t that hard to install and loads most of the SKS keydump keys, but you 
do need PostgreSQL and then to sync with SKS to get the remaining (malformed) 
keys that apparently didn’t get imported from the dump.)

Sent from my iPad


Re: Difficulty of fixing reconciliation

2019-08-14 Thread Jason Harris via Gnupg-users

> On Aug 14, 2019, at 6:32 PM, MFPA via Gnupg-users wrote:

> On Wednesday 14 August 2019 at 10:39:56 AM, Alessandro Vesely
> via Gnupg-users wrote:-
> 
>> I'm no expert, but it seems to me that 3rd party
>> signatures should not
>> be allowed.
> 
> Perhaps a "keyserver no-third-party-signatures" option would resolve
> this. Unlike "keyserver no-modify", honouring it would not require a
> keyserver to undertake any cryptographic checking.

No, then the “attack” just changes to making the issuing keyid = the keyid 
being attacked, so everything looks like a selfsig...

But at least then we will want to add cryptography to see which selfsigs are 
truly legitimate, right?

Sent from my iPad
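
The point made in this message and in the 2019-08-15 follow-up above, as an added example (not code from the thread or from hockeypuck): the issuer key ID is a field the uploader fills in, so a filter that only compares key IDs keeps a packet that a cryptographic check rejects. The `Sig` type, the SHA-256-based `keyID` and the Ed25519 signature over the bare user ID are simplified stand-ins for real OpenPGP packets, and the key and both packets are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Sig is a simplified signature packet; IssuerKeyID is uploader-supplied.
type Sig struct {
	IssuerKeyID uint64
	UserID      string
	Value       []byte
}

// keyID: low 64 bits of SHA-256 (assumption; v4 keys use the SHA-1 fingerprint).
func keyID(pub ed25519.PublicKey) uint64 {
	h := sha256.Sum256(pub)
	return binary.BigEndian.Uint64(h[len(h)-8:])
}

// looksLikeSelfSig is the no-cryptography filter: compare key IDs only.
func looksLikeSelfSig(pub ed25519.PublicKey, s Sig) bool {
	return s.IssuerKeyID == keyID(pub)
}

// verifiedSelfSig also requires the signature to verify under the key itself.
func verifiedSelfSig(pub ed25519.PublicKey, s Sig) bool {
	return looksLikeSelfSig(pub, s) && ed25519.Verify(pub, []byte(s.UserID), s.Value)
}

// demo counts how many of two constructed packets each filter keeps.
func demo() (byID, byCrypto int) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	uid := "alice@example.org"
	genuine := Sig{keyID(pub), uid, ed25519.Sign(priv, []byte(uid))}
	// Claims the key's own ID but was never signed by the key.
	claimed := Sig{keyID(pub), "junk-uid", make([]byte, ed25519.SignatureSize)}
	for _, s := range []Sig{genuine, claimed} {
		if looksLikeSelfSig(pub, s) {
			byID++
		}
		if verifiedSelfSig(pub, s) {
			byCrypto++
		}
	}
	return byID, byCrypto
}

func main() { fmt.Println(demo()) }
```
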



