On Sat, 2014-06-21 at 03:41 +0200, Matthias Urlichs wrote: > Christoph Anton Mitterer: > > In OpenPGP you have the additional problems that: > > - at least until know communication with the keyservers is usually > > unsecured: so not only the keyserver operator can attack you, but anyone > > else that can MitM. > Fortunately, that only matters when checking for revocations. > One cannot MitM themselves into the web of trust. Sure... what I wrote was completely about revocations... An attacker could of course conceal keys or signatures (or other packets on them) completely... but these would only result in DoS kind attacks - nothing which is really a security problem in that case here. > This is an advantage. The pool keyservers talk to each other, after all. > Thus, if somebody really wants to block a key's revocation, they have to > MitM themselves into their target's path to all of them. Nah... I don't agree... at least not necessarily. It would be a subtle advantage, if OpenPGP implementations would SEND revocation certificates to multiple keyservers (to make sure that it really goes through the network)... AND if OpenPGP implementations would also CHECK multiple servers for revocation certificates... hoping to get at least one that is trustworthy. But AFAIK, this is not yet the case... and it only solves the problem the someone might tamper with parts of the keyserver network (e.g. not actually forwarding your submitted revocation certificate)... it still doesn't solve the problem that someone between a client (e.g. gnupg) and the server might tamper with any submitted or retrieved revocation certs, which I think is right now only possible via https or hkps. But this gives you again the problem of having X.509... either some commercial CA, which we cannot trust,... some self-signed cert or one signed by a "private" CA (like mine: https://a.keyserver.pki.scientia.net:8443/) or using the "sks-keyservers.net CA" run by Kristian Fiskerstrand (like https://a.keyserver.pki.scientia.net/) ... but again,.. you can neither trust me, nor Kristian nor any of the guys which Kristian gave a certificate (anybody gets one). So the "best" thing you can do is: - operate your own keyserver, peering with as many other keyservers as possible - if you actually revoke your key, submit it to as many keyservers as possible Cheers, Chris.
Description: S/MIME cryptographic signature