Oh my, someone finally went and broke the OpenPGP SKS Keyservers. Or rather, put garbage in them which in turn breaks GnuPG.

I've updated to cope, details and discussion are here: community.mailpile.is/t/mailpi

ยท Web ยท 1 ยท 12 ยท 10

I consider the SKS Keyserver attack to just be further evidence supporting my opinion that immutable, append-only data-structures are absolutely inappropriate for social applications (which a keyserver is).

If your data store doesn't support deletes, it should be considered unsafe and not fit for purpose until proven otherwise.

I'm looking at you, Secure Scuttlebutt. Also, block-chains.

Show thread

@HerraBRE
Imagine a similar spamming issue on a major Blockchain.

Wouldn't be that hard to imagine and the impact would be pretty severe.

@HerraBRE thats defintely an issue ive had with ssb. its great for things like scientific research and world event documentation, but is a bit scary for opinions and commmentary.

@HerraBRE why are mail clients not reqesting/sending public keys to recipients directley? #newbyquestion

@djoerd They do but it's a fairly recent innovation and not fully adopted. See Autocrypt (which embeds keys in email messages) and tools.ietf.org/html/draft-koch for a standard for fetching keys from web sites.

@HerraBRE

@harald @djoerd Also, Autocrypt: autocrypt.org/

Slightly different approach, similar goals, and yes, keys are simply sent inline as part of the e-mail.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!