
WIP: Switch default keyserver to hkps://keys.openpgp.org

dkg requested to merge dkg/schleuder:drop-sks into release-4.0

The flawed design of the SKS keyserver pool is being attacked. SKS does not appear to be capable of recovery. If Schleuder pulls from that network directly during refresh_keys, it is likely to flood its internal keyrings with arbitrary garbage.

see: https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html https://dev.gnupg.org/T4592

The more tightly-constrained https://keys.openpgp.org keyserver will not distribute any third-party certifications, so by policy it cannot be flooded in the same way.

It also requires users to confirm access to their e-mail address before it distributes identity information. See https://keys.openpgp.org/about for more details. This adds another level of difficulty for users that want to use schleuder and have their OpenPGP cert retrieved initially from the keyserver (as opposed to add-key).

keys.openpgp.org will also distribute certificate revocations in a compact, non-floodable form if it learns about them, even without registration or user IDs (gpg needs a fix like https://dev.gnupg.org/T4393 to deal with a revocation distributed as a uid-less certificate, but that's something to fix outside of schleuder), so the regular refresh_keys should be safe.

Signed-off-by: Daniel Kahn Gillmor dkg@fifthhorseman.net
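The flooding risk described above is that refresh_keys imports whatever the keyserver returns, including certificates carrying thousands of third-party certifications. The following is an added example, not code from this merge request, Schleuder or GnuPG: a small OpenPGP packet-framing parser (RFC 4880 section 4.2 headers only) that counts signature packets per user ID on a binary certificate, so an operator can flag a flooded certificate before it reaches a keyring. The threshold, the helper names and the synthetic certificates built by `make_sample_cert` are assumptions made for the example; packet bodies are dummy bytes, only the framing is real.

```python
"""Sanity-check a binary OpenPGP certificate for certification flooding.

Added example (not Schleuder/GnuPG code). Parses only packet headers
(RFC 4880 section 4.2) and counts signature packets following each
user ID packet. Input is the binary form, e.g. what `gpg --export` emits.
"""
import struct

TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13


def _read_packet(data, pos):
    """Parse the packet header at pos; return (tag, body_start, body_end)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if ctb & 0x40:  # new-format header (RFC 4880 4.2.2)
        tag = ctb & 0x3F
        first = data[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length = ((first - 192) << 8) + data[pos + 2] + 192
            hdr = 3
        elif first == 255:
            length = struct.unpack(">I", data[pos + 2:pos + 6])[0]
            hdr = 6
        else:
            raise ValueError("partial body lengths not supported")
    else:  # old-format header (RFC 4880 4.2.1)
        tag = (ctb & 0x3C) >> 2
        ltype = ctb & 0x03
        if ltype == 0:
            length, hdr = data[pos + 1], 2
        elif ltype == 1:
            length, hdr = struct.unpack(">H", data[pos + 1:pos + 3])[0], 3
        elif ltype == 2:
            length, hdr = struct.unpack(">I", data[pos + 1:pos + 5])[0], 5
        else:
            raise ValueError("indeterminate length not supported")
    start = pos + hdr
    end = start + length
    if end > len(data):
        raise ValueError("truncated packet at offset %d" % pos)
    return tag, start, end


def packet_tags(data):
    """Return the sequence of packet tags in a binary OpenPGP blob."""
    tags, pos = [], 0
    while pos < len(data):
        tag, _, pos = _read_packet(data, pos)
        tags.append(tag)
    return tags


def certification_stats(data):
    """Count user IDs, signatures, and the largest run of sigs under one user ID."""
    uids = sigs = run = max_run = 0
    for tag in packet_tags(data):
        if tag == TAG_SIGNATURE:
            sigs += 1
            if uids:  # signatures before any user ID are not certifications
                run += 1
                max_run = max(max_run, run)
        else:
            run = 0  # a new user ID, subkey or attribute starts a new run
            if tag == TAG_USER_ID:
                uids += 1
    return {"user_ids": uids, "signatures": sigs, "max_sigs_per_uid": max_run}


def looks_flooded(data, max_sigs_per_uid=500):
    """True when some user ID carries more certifications than the assumed limit."""
    return certification_stats(data)["max_sigs_per_uid"] > max_sigs_per_uid


# --- constructed sample data (not real certificates) ---------------------

def new_packet(tag, body):
    """Frame body as a new-format packet with a correct length header."""
    n = len(body)
    if n < 192:
        hdr = bytes([0xC0 | tag, n])
    elif n < 8384:
        m = n - 192
        hdr = bytes([0xC0 | tag, 192 + (m >> 8), m & 0xFF])
    else:
        hdr = bytes([0xC0 | tag, 255]) + struct.pack(">I", n)
    return hdr + body


def make_sample_cert(sigs_per_uid):
    """Constructed: one key packet, one user ID, then N dummy signature packets."""
    key = new_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x00" * 40)
    uid = new_packet(TAG_USER_ID, b"Alice Example <alice@example.org>")
    sig = new_packet(TAG_SIGNATURE, b"\x04\x13" + b"\x00" * 30)
    return key + uid + sig * sigs_per_uid


if __name__ == "__main__":
    for n in (3, 1200):
        cert = make_sample_cert(n)
        print(n, certification_stats(cert), "flooded" if looks_flooded(cert) else "ok")
```

The check is deliberately structural: it never validates signatures, so it is cheap to run on every fetched certificate, and a certificate that trips the limit can be logged and skipped instead of imported. The 500 threshold is a placeholder to tune per deployment; a key with many genuine certifications will need a higher value.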
