Article 4JCND [$] OpenPGP certificate flooding

[$] OpenPGP certificate flooding

by
jake
from LWN.net on (#4JCND)
A problem with the way that OpenPGPpublic-key certificates are handled by key servers and applications iswreaking some havoc, but not just for those who own the certificates (andkeys)-anyone who has those keys on their keyring and does regular updateswill be affected. It is effectively a denial of service attack, but onethat propagates differently than most others. The mechanism of this"certificate flooding" is one that isnormally used to add attestations to the key owner's identity (also known as"signing the key"), but becauseof the way most key servers work, it can be used to fill a certificate with"spam"-with far-reaching effects.
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments