
Re: Check your signing key expiration dates!



Andrei POPESCU [2019-07-07T20:31:23+03] wrote:

> My gpg.conf has:
>
>     keyserver hkps://hkps.pool.sks-keyservers.net

SKS keyservers can be risky because they allow anybody to submit any
number of key signatures to other people's keys. Recently some keys have
been poisoned with a great number of key signatures so that GnuPG chokes.
Here's a link to a message in the gnupg-user mailing list.

    "SKS Keyserver Network Under Attack"
    https://lists.gnupg.org/pipermail/gnupg-users/2019-June/062098.html

If you use SKS keyservers I really recommend using either of the
following two options:

    keyserver-options import-clean
    keyserver-options import-minimal

If you happen to download a huge poisoned key from an SKS keyserver, the
above-mentioned options protect your local keyring from getting unknown
key signatures. The checking can take some time, though.

Future releases of GnuPG will include more protective features and
default settings.

    "Release candidate for 2.2.17"
    https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062297.html

There is also <https://keys.openpgp.org>, a keyserver which doesn't
distribute third-party signatures at all.

-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen
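
A small checker for the advice in the message above, added here as an example and not part of the original post: it parses gpg.conf text and reports an SKS pool keyserver that is configured without import-clean or import-minimal. The function names, the sample configs and the hostname-substring test used to recognise an SKS server are assumptions made for the illustration.

```python
import re

# Constructed sample configs (not taken from anyone's real gpg.conf).
SAMPLE_WEAK = """\
# constructed sample: SKS pool, no protective import option
keyserver hkps://hkps.pool.sks-keyservers.net
"""
SAMPLE_HARDENED = """\
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options import-clean
"""

# The two options recommended in the message above.
PROTECTIVE = {"import-clean", "import-minimal"}


def parse_gpg_conf(text):
    """Return (list of keyserver URLs, effective set of keyserver-options)."""
    keyservers, options = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        name, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if name == "keyserver":
            keyservers.append(value)
        elif name == "keyserver-options":
            # The value is a space- or comma-delimited list; a "no-" prefix
            # switches an option off again, so later entries win.
            for opt in re.split(r"[,\s]+", value):
                if opt.startswith("no-"):
                    options.discard(opt[3:])
                elif opt:
                    options.add(opt)
    return keyservers, options


def audit(text):
    """Return one finding per SKS keyserver used without a protective option."""
    keyservers, options = parse_gpg_conf(text)
    # Assumption: an SKS pool server is recognised by its hostname.
    sks = [k for k in keyservers if "sks-keyservers.net" in k.lower()]
    if sks and not (options & PROTECTIVE):
        return [f"{k}: no import-clean or import-minimal in keyserver-options"
                for k in sks]
    return []
```

Call `audit()` on the contents of the gpg.conf you want to check; an empty list means no finding.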
