1. 02 Jul, 2019 1 commit
    • dkg's avatar
      Switch default keyserver to hkps://keys.openpgp.org · e09f4806
      dkg authored
      The flawed design of the SKS keyserver pool is being attacked.  SKS
      does not appear to be capable of recovery.  If Schleuder pulls from
      that network directly during refresh_keys, it is likely to flood its
      internal keyrings with arbitrary garbage.
      
      see:
         https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
         https://dev.gnupg.org/T4592
      
      The more tightly-constrained https://keys.openpgp.org keyserver will
      not distribute any third-party certifications, so by policy it cannot
      be flooded in the same way.
      
      It also requires users to confirm access to their e-mail address
      before it distributes identity information.  See
      https://keys.openpgp.org/about for more details.  This adds another
      level of difficulty for users that want to use schleuder and have their OpenPGP cert retrieved initially from the keyserver (as opposed to add-key).
      
      keys.openpgp.org will also distribute certificate revocations in a
      compact, non-floodable form if it learns about them, even without
      registration or user IDs (gpg needs a fix like
      https://dev.gnupg.org/T4393 to deal with a revocation distributed as a
      uid-less certificate, but that's something to fix outside of
      schleuder), so the regular refresh_keys should be safe.
      Signed-off-by: dkg's avatarDaniel Kahn Gillmor <dkg@fifthhorseman.net>
      e09f4806
  2. 17 Jun, 2019 2 commits
  3. 05 Apr, 2019 1 commit
  4. 31 Mar, 2019 1 commit
  5. 14 Feb, 2019 3 commits
  6. 13 Feb, 2019 2 commits
  7. 10 Feb, 2019 6 commits
  8. 09 Feb, 2019 2 commits
  9. 03 Feb, 2019 4 commits
  10. 02 Feb, 2019 3 commits
  11. 02 Jan, 2019 1 commit
  12. 29 Oct, 2018 1 commit
  13. 28 Oct, 2018 3 commits
  14. 24 Oct, 2018 1 commit
  15. 07 Oct, 2018 1 commit
  16. 28 Sep, 2018 1 commit
  17. 04 Sep, 2018 1 commit
  18. 22 Jul, 2018 3 commits
  19. 21 Jul, 2018 1 commit
  20. 19 Jul, 2018 2 commits