-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 14. August 2014 05:31:40 MESZ, Phil Pennock sks-devel-p...@spodhuis.org
wrote:
What is the threat model which you are trying to protect against?
As the public keys themselves are of cause nothing which needs to be secured, I
see these two
As the public keys themselves are of cause nothing which needs to be secured,
I see these two possible aspects:
- meta data like 'who up-/downloaded which keys' could be revealed
yes
- mitm attacks may manipulate up-/downloaded keys
no
Every uploaded key can be manipulated legally by
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
- mitm attacks may manipulate up-/downloaded keys
no
Every uploaded key can be manipulated legally by anyone.
(I.e. you attach a new signature to your friend's key
and you send back to the key servers.)
Moreover anybody can send a totally
You can still block certain pakets from up/downloads (i.e. not
providing signature pakets for some key -- kind of a DoS when checking a
trust path)
We spoke about information leakage and manipulation so far.
DoS is a quite other topic.
SKS network is quite vulnerable from this point of view.
A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 08/14/2014 02:12 PM, Christoph Egger wrote:
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
- mitm attacks may manipulate up-/downloaded keys
no
Every uploaded key can be manipulated legally by anyone. (I.e.
you attach a new signature
On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
On 08/14/2014 02:12 PM, Christoph Egger wrote:
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
- mitm attacks may manipulate up-/downloaded keys
no
Every uploaded key can be manipulated legally by anyone. (I.e.
you attach a new signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 08/14/2014 04:04 PM, Pete Stephenson wrote:
On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
On 08/14/2014 02:12 PM, Christoph Egger wrote:
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
- mitm attacks may manipulate up-/downloaded keys
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 08/14/2014 04:36 PM, Pete Stephenson wrote:
On 8/14/2014 4:06 PM, Kristian Fiskerstrand wrote:
On 08/14/2014 04:04 PM, Pete Stephenson wrote:
My (albeit limited) understanding is that SKS is an append-only
system, and that it is not possible
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2014-08-14 at 13:30 +0200, Matthias Schreiber wrote:
On 14. August 2014 05:31:40 MESZ, Phil Pennock sks-devel-p...@spodhuis.org
wrote:
What is the threat model which you are trying to protect against?
As the public keys themselves are of
Hello Everyone,
I've installed sks on Ubuntu 14.04 from the repositories and I'm getting
an error when trying to import keys to do the initial seeding.
When I run ./sks_build.sh and select fastbuild I am told that the KeyDB
directory already exists and the script. Problem is, I can't actually
Hi All,
I have a new keyserver running and would like to peer with other
servers. Please add me to your 'membership' file with the following
entry and provide your details in return so I can do the same:
pgp.cajuntechie.org 11370 # Anthony Papillion 0x53B04B15
Thanks,
Anthony
11 matches
Mail list logo