PGP's SKS infrastructure "was written in an obscure language by a PhD student for his thesis. And because of that, there is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase" vice.com/en_us/article/8xzj45/

@bonzoesc
Interesting. I can't help there, but surely someone can?
@volt4ire

@anomaly @volt4ire I think the real question is if it's even fixable as software or if there's structural change for the gpg community required

@volt4ire from an end-user standpoint, do we know what workflows this could impact?

Enigmail, sure (fix: disable SKS integration). OS updates, probably not (typically repo pubkeys are cached in /etc by the installer). Developers verifying signed commits, probably (for what minority of commits are signed, much less verified).

A resilient PKI is obviously important, I just don't have a good sense of the systemic risk posed by DoS via SKS.
