Re: Keyserver for gpg.conf ?

From Jeremy Stanley <fungi@yuggoth.org>
Newsgroups linux.debian.security
Subject Re: Keyserver for gpg.conf ?
Date 2025-11-17 16:30 +0100
Message-ID <LS9l0-dF3N-7@gated-at.bofh.it> (permalink)
References <LRkVb-d7Jl-5@gated-at.bofh.it> <LRsSK-ddir-17@gated-at.bofh.it> <LRvnA-deMI-9@gated-at.bofh.it> <LRBjj-diRy-1@gated-at.bofh.it>
Organization linux.* mail to news gateway


On 2025-11-16 02:57:02 +0000 (+0000), debianmailinglists.hz5zm@simplelogin.com wrote:
> Do these other keyring servers leave the key intact? I stopped 
> using the key servers for my small personal projects and just have 
> my public key posted on my personal website because one of them
> (keys.openpgp.org I think) lists my public key, but it seems to
> have stripped all the identifying information from it so it can't 
> be searched for by email address and even if you download the copy 
> they have apps like Kleopatra fail to import it, and when 
> comparing it to my copy of the public key I manually exported the 
> contents are MUCH shorter on their copy.
[...]

The main reason for this, as I understand it, is to avoid the 
vulnerabilities which led to the fall of the SKS keyserver network. 
In short, the traditional keyserver model of allowing anyone to 
upload third-party signatures for keys they didn't control led 
eventually to vandals and other malicious persons uploading unwanted 
signatures with objectionable content or in volumes which overflowed 
the ability of clients and servers to deal with them (denial of 
service on the network and also on specific keys making them 
irretrievable). They did this in the most severe way possible, 
essentially filtering out all third-party signatures and even 
self-signatures and UIDs if the uploader can't prove control of the 
E-mail addresses associated with them (which implicitly means 
discarding non-E-mail identities too such as photo images).

Discussions I followed some time ago indicated they were willing to 
accept updates that enabled a caff-style approval process for 
third-party signatures at least, but it sounded like the existing 
team didn't have the resources to develop such a feature and that it 
would require additional volunteers working on that.
-- 
Jeremy Stanley
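
Added example, not part of the message above and not code from any keyserver project: a small OpenPGP packet tally (header rules from RFC 4880 section 4.2) that shows whether a key export still carries User ID packets, which is the difference the quoted poster saw between their own export and the keyserver's copy. It assumes binary input such as the output of `gpg --export` without `--armor`; the sample packets are constructed with dummy bodies and are not real keys.

```python
from collections import Counter

TAGS = {2: "signature", 6: "public-key", 13: "user-id",
        14: "public-subkey", 17: "user-attribute"}

def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:                       # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                     # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                    # five-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                     # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def summarize(data):
    """Return (packet counts by name, list of User ID strings)."""
    counts, uids = Counter(), []
    for tag, body in read_packets(data):
        counts[TAGS.get(tag, f"tag-{tag}")] += 1
        if tag == 13:
            uids.append(body.decode("utf-8", "replace"))
    return dict(counts), uids

# Constructed sample data: correct packet framing, dummy packet bodies.
def _pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
KEY, SUB, SIG = _pkt(6, bytes(20)), _pkt(14, bytes(20)), _pkt(2, bytes(32))
FULL = KEY + _pkt(13, b"Alice Example <alice@example.org>") + SIG + SIG + SUB + SIG
STRIPPED = KEY + SUB + SIG                     # no User ID, fewer signatures
```

To inspect a real export, pass the file's bytes: `summarize(open(path, "rb").read())`.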
