Robert J. Hansen
The PGP keyserver network's long-term health prognosis is getting worse. If your communications depend on keyservers for distributing keys, it is time to begin planning for the keyservers to go away. *They are still working. Don't panic.* More details: 1/
Robert J. Hansen Jul 13
Replying to @robertjhansen
The keyservers were designed to never lose data nor allow data to be removed. Someone is so incensed over the apparent GDPR noncompliance of the keyserver network that they've decided to facilitate attacks on it. 2/
Robert J. Hansen Jul 13
Replying to @robertjhansen
This person has published simple tools to facilitate spamming the keyserver network with large quantities of garbage. In a never-delete never-drop environment, spam is a permanent DDoS: it eats up disk resources that keyservers cannot reclaim. 3/
rugk Jul 13
Replying to @robertjhansen
Can't you just block them?
Robert J. Hansen Jul 13
Replying to @robertjhansen
Publishing attack tools (with a wink and a nod of "for educational use only") can only be called a deeply hostile, deeply antisocial act. The people who most need keyservers are vulnerable groups in hostile regimes. *This hurts them.* 4/
jon camfield Jul 13
Replying to @robertjhansen
If only someone had warned the pgp community about this problem. /s
Robert J. Hansen Jul 13
Replying to @robertjhansen
Don't mistake my calm words: I am sputtering with rage here. The KSN was designed to be resistant to hostile governments, but the real threat is coming from a maladjusted twerp of a user who's using his pique over GDPR noncompliance to justify *hurting people*. 5/
Robert J. Hansen Jul 13
Replying to @robertjhansen
The KSN has known these attacks were possible. We've been trying for some time to mitigate these sorts of attacks. We are not even close to ready. If your group depends on the KSN, begin making plans for what to do if it goes away. 6/
Robert J. Hansen Jul 13
Replying to @robertjhansen
For now the KSN is intact and fully operational. I do not know if it will even exist in a year. *Make your plans now, because you might need them.* 7/7 fin
Robert J. Hansen Jul 13
Replying to @rugkme
Not possible.
Avraham Adler Jul 13
Replying to @robertjhansen
Anything that can be done to neutralize this person’s attacks? Are they known?
Robert J. Hansen Jul 13
Replying to @AvrahamAdler
With the attack tools widely published, it's only a matter of time until someone decides it'd be fun to upload a terabyte of porn to the keyserver network. *Right now* nobody is doing such a thing. I don't know what will happen next month, week, day, or minute. :( 1/
Robert J. Hansen Jul 13
Replying to @AvrahamAdler
In drama, "Chekhov's gun" is a rule saying if there's a gun on the stage in Act I, it'll be fired by Act III. We've now seen the gun on the stage. We don't know when it'll be fired. 2/2
Rory Byrne Jul 14
I was wondering what the problem was for the past while
Neil Alexander Jul 16
Replying to @robertjhansen
Honestly this is a weak arg. GPG works fine without SKS and the vulnerabilities are well known. For some reason there are GPG devs resistant to fixing this. If you reported a flaw in Windows to MS, they wouldn't be angry, they'd just fix it - as that is what is best for everyone!
Robert J. Hansen Jul 16
Replying to @neilalexander
"For some reason there are GPG devs resistant to fixing this." Because it's not a GnuPG issue, it's an SKS issue. SKS is a completely different codebase.
Neil Alexander Jul 16
Replying to @robertjhansen
Forgive my mistyping - SKS devs - but my point stands.
Robert J. Hansen Jul 16
Replying to @neilalexander
The reason why people are resistant to fixing it is it's very hard to fix it within the current design of SKS. It requires the outright rejection of a couple of ideas baked very deeply into the design. It would be considerably easier to replace SKS than to fix it.
Neil Alexander Jul 16
Replying to @robertjhansen
Replacing it is a great idea, but for that to happen the community needs to stop being so hostile to change. How is anyone supposed to trust SKS when the devs just sit back in their armchair ignoring major design flaws? Anger actually doesn’t help anyone here.
Robert J. Hansen Jul 16
Replying to @neilalexander
The community is not hostile to change. The community is hostile to people wanting to burn down the keyserver network, especially before we have a replacement ready. This is a non-trivial engineering task.