
Re: HTTPS everywhere!


Christoph Anton Mitterer:
> In OpenPGP you have the additional problems that:
> - at least until now communication with the keyservers is usually
> unsecured: so not only the keyserver operator can attack you, but anyone
> else that can MitM.

Fortunately, that only matters when checking for revocations.
One cannot MitM themselves into the web of trust.

> - there are gazillions of keyserver operators (like me) and OpenPGP
> implementations usually default to some pool of keyservers... so in the
> end you do not only have to trust one 3rd party (like - at least
> technically - with X.509) but ??? 3rd parties to give you the correct
> data.

This is an advantage. The pool keyservers talk to each other, after all.
Thus, if somebody really wants to block a key's revocation, they have to
MitM themselves into their target's path to all of them.

-- Matthias Urlichs
