SoylentNews is people
SoylentNews
OpenPGP protocol developer, Daniel Kahn Gillmor, has written up what is happening with an attack against the OpenPGP's infrastructure. In recent days the SKS keyserver network has come under a particularly hard to mitigate attack which is, problematically, also difficult to resolve permanently. The problem lies with the design of that part of the infrastructure. Although replacements are available, the move has not yet happened.
Some time in the last few weeks, my OpenPGP certificate, 0xC4BC2DDB38CCE96485EBE9C2F20691179038E5C6 was flooded with bogus certifications which were uploaded to the SKS keyserver network.
SKS is known to be vulnerable to this kind of Certificate Flooding, and is difficult to address due to the synchronization mechanism of the SKS pool. (SKS's synchronization assumes that all keyservers have the same set of filters). You can see discussion about this problem from a year ago along with earlier proposals for how to mitigate it. But none of those proposals have quite come to fruition, and people are still reliant on the SKS network.
Also covered at Vice as Someone Is Spamming and Breaking a Core Component of PGP's Ecosystem and ZDNet
Earlier on SN: Op-Ed: Why I'm Not Giving Up on PGP (2016)
(Score: 3, Funny) by Some call me Tim on Friday July 05 2019, @04:31AM
Those darn things are old! https://en.wikipedia.org/wiki/SKS [wikipedia.org]
A good custom AR-15 would work much better ;-)
Did anyone else hear a loud whooshing sound?
Questioning science is how you do science!