On Wed, 5 Dec 2018 10:31, c...@cod-web.net said:

> On pool.sks-keyservers.net everything works well while on other
> keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I
> never signed and I don't know exactly why it's included in search

There are several problems with the keyservers due to their policy of being a plain data store. Actually this policy is a Good Thing because it allows syncing with other servers and there is no need for a central authority. The problem is that the keyservers are abused as data store and, worse, as a public search engine for such data. The latter point can be mitigated by not having a web interface which displays everything.

Restricting user-ids and such does not help because there are other ways to store arbitrary data in an OpenPGP keyblock. Even keyservers which would check the signatures won't help because key signatures can be made using an arbitrary amount of new keys.

A better way of using keyservers would be to entirely disable their search by name or mail address capabilities. Not only in the web interface but also in their API. Of course that will be a radical change but I consider it better for security: Too many users assume that the keyservers return a correct key; which they don't. In fact there is no way to get a key for a given mail address from a web server. It used to work just out of luck and because all keyserver users used to be fair netizens.

The keyserver would then be used for getting the keys to verify a signature (because the lookup is by fingerprint) and to distribute revocations. That is still a useful thing to have.

Further the keyservers should stop accepting key signatures; for Web of Trust things signed keys should be mailed directly instead (caff already does that).

FWIW, I have the problem of a garbled key for quite some time which I can fix for me using things like

  import-filter drop-sig= sig_created_d=2015-12-24
  import-filter drop-sig=|| sig_created_d=2016-03-16

in my gpg.conf. But that is just a stopgap.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
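To see where the bulk of an oversized keyblock like the one discussed above sits before importing it, the packets can be tallied by type. This is an added example, not part of the original mail and not GnuPG code: it reads the RFC 4880 packet framing of a binary (non-armored) keyblock, and the function names and sample data are constructed for illustration. It assumes that partial and indeterminate lengths do not occur in a keyblock and rejects them.

```python
from collections import Counter

# Packet tags that can occur in a keyblock (RFC 4880, section 4.3).
TAGS = {2: "signature", 6: "public-key", 13: "user-id",
        14: "public-subkey", 17: "user-attribute"}

def tally_keyblock(buf):
    """Return (packets per type, body bytes per type) for a binary keyblock."""
    count, size = Counter(), Counter()
    pos = 0
    while pos < len(buf):
        hdr = buf[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {pos - 1}")
        if hdr & 0x40:                        # new-format header
            tag = hdr & 0x3F
            ln = buf[pos:pos + 5].ljust(5, b"\0")
            if ln[0] < 192:                   # one-octet length
                body, width = ln[0], 1
            elif ln[0] < 224:                 # two-octet length
                body, width = ((ln[0] - 192) << 8) + ln[1] + 192, 2
            elif ln[0] == 255:                # five-octet length
                body, width = int.from_bytes(ln[1:5], "big"), 5
            else:                             # partial lengths: data packets only
                raise ValueError("partial body length in a keyblock")
        else:                                 # old-format header
            tag = (hdr >> 2) & 0x0F
            if (hdr & 3) == 3:
                raise ValueError("indeterminate length in a keyblock")
            width = 1 << (hdr & 3)            # 1, 2 or 4 length octets
            body = int.from_bytes(buf[pos:pos + width], "big")
        pos += width + body
        if pos > len(buf):
            raise ValueError("truncated packet")
        name = TAGS.get(tag, f"tag-{tag}")
        count[name] += 1
        size[name] += body
    return count, size

def constructed_sample(n_sigs):
    """Constructed data: real packet framing, zero-filled dummy bodies."""
    uid = b"Alice <a@example.org>"
    return (b"\x99" + (50).to_bytes(2, "big") + bytes(50)      # old format, tag 6
            + b"\xb4" + bytes([len(uid)]) + uid                 # old format, tag 13
            + (b"\x89" + (300).to_bytes(2, "big") + bytes(300)) * n_sigs  # tag 2
            + b"\xc2" + bytes([192, 8]) + bytes(200))           # new format, tag 2

if __name__ == "__main__":
    count, size = tally_keyblock(constructed_sample(1000))
    for name in count:
        print(f"{name:12} {count[name]:6} packets {size[name]:9} bytes")
```

A keyblock whose signature bytes dwarf the key and user-id packets is the pattern the drop-sig import filters above are working around.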