Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Oct 2014 11:47:28 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: David Leon Gil <coruus@...il.com>, oss-security@...ts.openwall.com
CC: "gnupg-devel@...pg.org" <gnupg-devel@...pg.org>,
 Werner Koch <wk@...pg.org>, thijs@...ian.org
Subject: Re: 0xdeadbeef comes of age: making keysteak with GnuPG

On 10/10/2014 11:06 AM, David Leon Gil wrote:
> (In summary: If you don't use the WoT, get OpenPGP keys via HTTPS.
> E.g.: keybase.io or pgp.mit.edu (the latter thanks to Yan Zhu's
> lobbying).)

If we're going to advocate for accessing keyservers via https (which i
think is a lovely idea, even if it doesn't mitigate all possible
attacks), it's worth advocating for the well-curated
hkps.pool.sks-keyservers.net [0], rather than encouraging everyone to
flood either https://keybase.io or https://pgp.mit.edu with traffic.

I agree with David and Thijs that OpenPGP v3 keys are long overdue for
the chopping block.

	--dkg

[0] https://sks-keyservers.net/overview-of-pools.php#pool_hkps


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ