ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Do we need to secure our keyservers against kind of DoS Attacks

2009-01-31 18:11:11
from [Christoph Anton Mitterer] [Permanent Link] 
Hi.

I having the following issue on my OpenPGP "TODO" list for some very
long time now, and David just remembered me on it.

On Fri, 2009-01-30 at 22:48 -0500, David Shaw wrote: 

Yes.  However note that you can un-revoke a key by removing the
revocation signature.  That's very difficult to do in practice
(keyservers would have the revoked copy).


Keyservers are very critical for any PKI to work, aren't they?
I mean there are plenty of "attacks" which would be possible without
them:
- we couldn't get revocations
- we prone to attacks where someone simply removes some subpackets (e.g.
a revocation signature, or a newer and updated self-signature)
- there might be even more cases I can't think of


Of course our keyservers work quite well, I can to some "upgrade my
keyring" command and get the new keys and all added packets.
And the big advantage is that no one can remove anything from them (it's
even difficult for the admins, though probably not impossible).

But there is the possibility of a kind of a DoS-Attack; service in the
sense of "deliver the whole key and everything belonging to it to the
requester".
Imagine that my ISP is evil, tracks my connections and always removes
some revocation signatures when I get the data.


Are there currently working means to prevent this?


One possibility would be do static_cast<keyservers>(DNSSEC) and
implement a secured keyserver protocol.
Of course we should use OpenPGP for this :-)
A keyring could always sign the data he sends to a user, and the user
could have the public key from that keyserver set up somewhere in his
implementation as valid for acting as keyserver.

Of course one could build trust-paths to the keyserver's public keys, et
cetera, et cetera.

Now the ISP could only block the whole keyserver, but at least I'd
notice it and an implementation could WARN me if for example regularly
updates of the keyrings don't work.


Just an idea,... :-)


Regards,
-- 
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph(_dot_)anton(_dot_)mitterer(_at_)physik(_dot_)uni-muenchen(_dot_)de
mail(_at_)christoph(_dot_)anton(_dot_)mitterer(_dot_)name

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Series of minor questions about OpenPGP 4, David Shaw
Next by Date:  Re: Series of minor questions about OpenPGP 4, Peter Thomas
Previous by Thread:  Series of minor questions about OpenPGP 6, Peter Thomas
Next by Thread:  Re: Do we need to secure our keyservers against kind of DoS Attacks, Wim Lewis
Indexes:  [Date] [Thread] [Top] [All Lists]