-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 08/14/2014 02:12 PM, Christoph Egger wrote: > "Kiss Gabor (Bitman)" <[email protected]> writes: >>> - mitm attacks may manipulate up-/downloaded keys >> >> no >> >> Every uploaded key can be manipulated legally by anyone. (I.e. >> you attach a new signature to your friend's key and you send back >> to the key servers.) Moreover anybody can send a totally new key >> in the name of you. Public key server is like Wikipedia or a >> piece of paper. And everybody has a pencil. :-) > > You can still block certain pakets from up/downloads (i.e. not > providing signature pakets for some key -- kind of a DoS when > checking a trust path)
Or even more importantly, providing a public key where a revocation signature has been removed. - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Nosce te ipsum! Know thyself! -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT7KpTAAoJEPw7F94F4TagP7kP/AyX57IC3nhGIe7whBdzr5SO Ib2J/ORJbR3wuYmbf6tT/g347W9RXxRXhu37fQi3Iu2iFN3XAhbPZpwIdZ9lo0Q8 bfigpsdrCjLYnW1ll8zqB2tPwexeJbKxzI5RXvM5xXBna2vWAA+oeN6XaPLU9zVU Bw2ST90T6YOP7q5ShPI0aqcuKZx4wbttyAYyvd+IES/hhf4wUe4Zbbqdry4eRXEU j9tvw0kH7Ey7NO/SAM1IGTqXMxpMZZQ+ZMIL1QPK8UtvXdI0dKId4U2mLjHdbv4g xFSfvtRl/7T1pggDdgB1abCLAwqlup7q72QFYhp8Fq5gM3nYIuzRmRrFZkTyRw+m RZDYUouhSM/qPMwBLFRjEwiWXXjua/gJWBmXLmmsshFSKxftiB5X2J3MjdFaJfmq 6RQ+AHkndwxP47/KyQ2vUVhVO5f1x5Ctjg7ASQLxhdvGWLnGeGEANXEStPBLXBEj t5QgDNmeJL8/uCnpr7iqlcsPpTsYBN4Ivx0PV0HRvYpuuIfTKQiphruWF5+1Teog IOqH3RKOMbkU5r4Pj/DsWbg4DGTuxV9KkyDv9IZtqoiegcaB9gcLsYCHRjh8q1gt SCosH5AmCjGo0GRI4VjRt5wHu28VtJ2jSQD9AtncgBEBQgTT9lwIdfExe+1xsZ8m +f1oVKBMBXRmFbYS6QPf =nzIX -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
