ietf-openpgp

Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

2019-04-05 04:13:35
On Thu, Apr 04, 2019 at 06:41:14PM -0400, Daniel Kahn Gillmor wrote:
As you may or may not have heard, the venerable OpenPGP keyserver
network is dying.  This has implications for key discovery, revocation,
subkey rollover, expiration update, etc. across the ecosystem of tools
that use OpenPGP.

The keyserver network is dying because of several reasons, some of which
are discussed in a thread over at [0] -- but one main
issue is that the SKS keyserver network allows anyone to attach
arbitrary data to any OpenPGP certificate, bloating that certificate to
the point of being impossible to effectively retrieve.  SKS isn't the
only keyserver that is vulnerable to this kind of attack either [1].

I like the suggestions you've made so far (though I do think that
various people seem to find image UATs useful, so limiting the packet
size to 8383 is overly limiting).

One additional thought I've had in the past is that if the keyserver is
capable of cryptographic verification it could only accept new keys that
are signed by an existing key. This would prevent a random flood of
unconnected keys (such as Evil32), and mean that in the event of such a
set of keys being uploaded it would be easy to trace which signature was
the link (and potentially blacklist that key).

J.

-- 
... I'm dangerous when I know what I'm doing.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
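
A sketch of the admission rule proposed in the reply above, as an added example that is not part of the original post or of any keyserver's code: a key is stored only if an already-admitted key certified it, and the stored link lets an operator trace a flood back to the certification that let it in. The class and method names are hypothetical, the fingerprints are constructed labels, and signature verification is assumed to have been done by the caller.

```python
class AdmissionGraph:
    """New keys are stored only if an already-admitted key certified them."""

    def __init__(self, seed_fprs):
        # introducer[fpr] = key whose certification admitted fpr (None = seed)
        self.introducer = {fpr: None for fpr in seed_fprs}
        self.blocked = set()

    def submit(self, fpr, verified_issuers):
        """verified_issuers: issuers whose certifications over fpr the caller
        has already verified cryptographically (assumption of this sketch)."""
        if fpr in self.introducer:
            return True
        for issuer in verified_issuers:
            if issuer in self.introducer and issuer not in self.blocked:
                self.introducer[fpr] = issuer   # remember the link
                return True
        return False                            # unconnected key: rejected

    def trace(self, fpr):
        """Chain of introducers from fpr back to a seed key."""
        chain = []
        while fpr is not None:
            chain.append(fpr)
            fpr = self.introducer[fpr]
        return chain

    def link_for(self, flood):
        """Keys outside the flood whose certification let the flood in."""
        flood = set(flood)
        return {self.introducer[f] for f in flood
                if f in self.introducer and self.introducer[f] not in flood
                and self.introducer[f] is not None}

    def block(self, fpr):
        """Stop fpr from introducing any further keys."""
        self.blocked.add(fpr)


def demo():
    g = AdmissionGraph({"SEED"})                 # constructed fingerprints
    g.submit("ALICE", ["SEED"])
    rejected = not g.submit("LONER", ["UNKNOWN"])
    for fpr, issuer in [("E1", "ALICE"), ("E2", "E1"), ("E3", "E2")]:
        g.submit(fpr, [issuer])
    link = g.link_for(["E1", "E2", "E3"])
    g.block("ALICE")
    return rejected, g.trace("E3"), link, g.submit("E4", ["ALICE"])
```

In this sketch `block` only stops the link key from introducing further keys; keys already admitted through it can still introduce others, so an operator would also have to decide what to do with its descendants.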