keyserver problems and threats

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

keyserver problems and threats

Olaf Gellert-3
Hi all,

the new year just started and I found a good reason
to think again about some things that came into my
mind a few years ago: A colleague of mine recently
finished a bachelor thesis on the problems of pgp
key servers. In a way we all operate and use a network
of keyservers that somehow waits for the first bad
guys to come by and do some naughty things. The first
idea I had some years ago was "uploading keys with
copyrighted or pornographic picture IDs", another idea
of my colleague was "using the keyserver network as a
nice, distributed and very reliable backup for huge
amounts of data" (split into lots of key packets). Even
if Europe would vanish completely my data would still
survive on some of the other keyservers. Wow! What else
will we see in the time to come?

Well, you might have a look into the thesis, it sums
up some of the problems (mostly design issues and a
small amount of implementation issues):

http://www.informatik.uni-hamburg.de/SVS/theses/06-08-27-BT-Holst-PGP-Key-Servers.pdf

Maybe I am a bit pessimistic which is a good mentality
for a security researcher and a bad one for nearly
everything else ;-)
But anyway, a few years ago some people forgot about
authentication for most internet based services and
now we have all these nice things like spam, worm
attacks, trojan horses etc... So I am curious what
awaits us keyserver-folks in the next years. And I
hope that we might win the race though I am sure we'll
have to develop a new generation of tamper resistant
key servers using more secure protocols. Any takers?

Cheers and a good start in 2007. :-)

Olaf

--

Dipl.Inform. Olaf Gellert                   INTRUSION-LAB.NET
Senior Researcher,                      www.intrusion-lab.net
PKI - and IDS - Services        [hidden email]



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: keyserver problems and threats

Seth Hardy
> of my colleague was "using the keyserver network as a
> nice, distributed and very reliable backup for huge
> amounts of data" (split into lots of key packets). Even

*cough*

funny you mention this, i was just talking about this to a bunch of
people at 23c3... i've been sitting on the code to do this for a while
now, have decided to be nice and not cause lots of people problems with
"keytorrent" :)

/s.

--
seth hardy: [hidden email] * 617.650.xxxx * www.aculei.net/~shardy
(gpg - 0x5E345628): BF63 A0A7 3BCA 1D7D EDE1 63BF 46FB 95D9 5E34 5628
            "Never offend people with style when you
               can offend them with substance." -- Sam Brown

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (194 bytes) Download Attachment