Re: [openpgp] OpenPGP private certification

On Wed, 2015-04-08 at 09:23 -0400, Phillip Hallam-Baker wrote: 
> > Crypto is not an iPhone.
> Mine is.
Believing that you're secure with a proprietary driven system, from a
company which is known to have worked with mass surveillance
organisation (and if it's just because they were forced so by law), is
naive - at best.


> > Removing a key (and its associated information like revocations or other
> > signatures) from the keyservers is generally a break of security, as it
> > allows for blocking or similar attacks.
> > And attacker could make a valid key removed just by blocking keys that
> > haven't been "renewed".
> And what is to stop someone maliciously loading up a broken key or an
> entirely fraudulent key?
Nothing, but neither would these be trusted nor has it anything to do
with the security breaches that arise from removing data from the
keyservers.


> I don't think that you can make a good case for circulating bad data
> in case it might be good.
A key and associated information doesn't become "bad" just because the
user didn't "renew" it.
We have explicit mechanisms for users to mark their keys as no longer be
usable, either by revocation signatures or by giving them an expiration
date. Both methods let the decision in the hand of the user and don't
place it into the hand of potentially evil other parties.

And if with "bad data" you mean corrupted keys in the sense of broken
uploads or that like, then this is obviously something different.
Such key would immediately be ruled out and not because someone decided
that it suddenly doesn't match some criteria anymore.

Regardless of how you put it, removal of valid keys (valid in the sense
of "conforming to the OpenPGP format" is a break of security.


C.

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp