Oh my, someone finally went and broke the OpenPGP SKS Keyservers. Or rather, put garbage in them which in turn breaks GnuPG.

I've updated to cope, details and discussion are here: community.mailpile.is/t/mailpi

I consider the SKS Keyserver attack to just be further evidence supporting my opinion that immutable, append-only data-structures are absolutely inappropriate for social applications (which a keyserver is).

If your data store doesn't support deletes, it should be considered unsafe and not fit for purpose until proven otherwise.

I'm looking at you, Secure Scuttlebutt. Also, block-chains.


@HerraBRE
Imagine a similar spamming issue on a major Blockchain.

Wouldn't be that hard to imagine and the impact would be pretty severe.

@HerraBRE that's definitely an issue I've had with ssb. it's great for things like scientific research and world event documentation, but is a bit scary for opinions and commentary.

@HerraBRE why are mail clients not requesting/sending public keys to recipients directly? #newbyquestion

@djoerd They do but it's a fairly recent innovation and not fully adopted. See Autocrypt (which embeds keys in email messages) and tools.ietf.org/html/draft-koch for a standard for fetching keys from web sites.

@HerraBRE

@harald @djoerd Also, Autocrypt: autocrypt.org/

Slightly different approach, similar goals, and yes, keys are simply sent inline as part of the e-mail.
