> On 30 Jun 2019, at 10:21, Mirimir via Gnupg-users <gnupg-users@gnupg.org>
> wrote:
>
> This is undoubtedly a naive question. But anyway, would it be feasible
> to test keys by importing them, and seeing which ones break OpenPGP?
> Maybe do it in minimal Docker containers? And then somehow block access
> to those keys?
Because a) it’s enumerating badness [1] but more importantly b) it’s punishing
the victim. Protecting the ecosystem by banning RJH and DKG’s keys from the
keyservers entirely is doing the bad guys’ work for them.
A
[1] https://www.ranum.com/security/computer_security/editorials/dumb/
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
