Oh my, someone finally went and broke the OpenPGP SKS Keyservers. Or rather, put garbage in them which in turn breaks GnuPG.
I've updated #Mailpile to cope, details and discussion are here: https://community.mailpile.is/t/mailpile-and-the-sks-keyserver-attacks/185
@HerraBRE
Imagine a similar spamming issue on a major Blockchain.
Wouldn't be that hard to imagine and the impact would be pretty severe.
@HerraBRE thats defintely an issue ive had with ssb. its great for things like scientific research and world event documentation, but is a bit scary for opinions and commmentary.
@HerraBRE Yep, that's what keys.openpgp.org is all about.
@HerraBRE why are mail clients not reqesting/sending public keys to recipients directley? #newbyquestion
@djoerd They do but it's a fairly recent innovation and not fully adopted. See Autocrypt (which embeds keys in email messages) and https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07 for a standard for fetching keys from web sites.
@harald @djoerd Also, Autocrypt: https://autocrypt.org/
Slightly different approach, similar goals, and yes, keys are simply sent inline as part of the e-mail.
I consider the SKS Keyserver attack to just be further evidence supporting my opinion that immutable, append-only data-structures are absolutely inappropriate for social applications (which a keyserver is).
If your data store doesn't support deletes, it should be considered unsafe and not fit for purpose until proven otherwise.
I'm looking at you, Secure Scuttlebutt. Also, block-chains.