Conversation

Notices

1. kat (boneidol@indy.im)'s status on Sunday, 30-Jun-2019 07:39:51 EDT kat
   oh Shit... the GPG web of trust is dead https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
   1. Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:50:40 EDT Joshua Judson Rosen

      in reply to
      ALSO, I'm reminded that there was this other #HKP #keyserver released a few years ago, compatible w/ #SKS but written in #Golang, which might relieve some of "zomg unmaintainable!" problems with the SKS servers: https://hockeypuck.github.io/ !crypto #PGP #GnuPG
   2. Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:42:36 EDT Joshua Judson Rosen

      in reply to
      Also it seems kind of inappropriate to be using "poisoning" as its being used here: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f !crypto
   3. Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:40:24 EDT Joshua Judson Rosen

      in reply to
      @boneidol The signature-flooding attack on the SKS #keyservers (and DoS of their users) is bad but doesn't actually sound like any kind of #apocalypse, and has basically nothing to do with the #WoT; signature-chains maybe, but that's something else entirely. !crypto
      1. kat (boneidol@indy.im)'s status on Tuesday, 02-Jul-2019 05:24:18 EDT kat

         in reply to
         @rozzin Maybe I am misunderstanding, but the poisoning prevents people from updating keys to check trust paths. The proposed replacement service https://keys.openpgp.org/ does not link ID ( email address) to the public key, unless asked to.  And more importantly from a WoT is does not have any third party signatures.  So can't be used to follow a trust path