[CryptoParty] Fwd: Re: Keyserver side effect

Ralph Wozelka ralph at wozelka.at
Fri Jan 9 14:25:28 CET 2015


On 01/09/2015 11:44 AM, Hillebold Christoph wrote:
> 
> On 2015-01-09 08:30, an.to_n-73 at riseup.net wrote:
>> Hi!
> 
>> Someone played a bad joke and created a key in the name of a
>> well-known Austrian that has the same short ID as my new
>> master key:
> 
> Have you had a look at the "preferred keyserver" feature yet? I
> haven't tried it, but apparently with pgp you can use
> "--preferred-keyserver" to specify which keyserver updates are
> pulled from. [1] With gpg this apparently works with
> "--edit-key" and "keyserver" [2].


Damn. There is something that speaks against that [3]:

"When creating a key, individuals may designate a specific keyserver
to use to pull their keys from. It is recommended that you use the
following option to ~/.gnupg/gpg.conf, which will ignore such
designations:

keyserver-options no-honor-keyserver-url

This is useful because (1) it prevents someone from designating an
insecure method for pulling their key and (2) if the server designated
uses hkps, the refresh will fail because the ca-cert will not match,
so the keys will never be refreshed. Note also that an attacker could
designate a keyserver that they control to monitor when or from where
you refresh their key."


> [1] https://supportimg.pgp.com/guides/PGP_Command_Line_8.5_man_page.html
> [2] http://linuxcommand.org/man_pages/gpg1.html

[3] https://help.riseup.net/en/security/message-security/openpgp/best-practices#ensure-that-all-keys-are-refreshed-through-the-keyserver-you-have-selected

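The gpg.conf setting quoted in the message above, as an added example that is not part of the original post: a Python check that works out whether a given gpg.conf still lets a key's own preferred-keyserver URL steer refreshes. The sample configs and the keys.example.org host are constructed, and treating the option as enabled when it is absent is an assumption taken from the quoted advice.

```python
import re

# Assumption: unless told otherwise, gpg follows a key's preferred-keyserver
# URL on refresh, which is why the quoted advice sets the option explicitly.
DEFAULT_HONOR = True


def honors_keyserver_url(conf_text, default=DEFAULT_HONOR):
    """Return True if refreshes would follow a key's own keyserver URL."""
    honor = default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        parts = line.split(None, 1)
        name = parts[0].lstrip("-").lower()
        if name != "keyserver-options" or len(parts) < 2:
            continue
        # The value is a space- or comma-delimited list; later entries win,
        # both within one line and across repeated lines.
        for opt in re.split(r"[,\s]+", parts[1].strip()):
            opt = opt.lower()
            if opt == "honor-keyserver-url":
                honor = True
            elif opt == "no-honor-keyserver-url":
                honor = False
    return honor


# Constructed sample configurations (not taken from the thread).
HARDENED = """keyserver hkps://keys.example.org
keyserver-options no-honor-keyserver-url
"""
COMMENTED_OUT = """keyserver hkps://keys.example.org
# keyserver-options no-honor-keyserver-url
"""
OVERRIDDEN = """keyserver-options no-honor-keyserver-url,auto-key-retrieve
keyserver-options honor-keyserver-url
"""

if __name__ == "__main__":
    for label, conf in [("hardened", HARDENED),
                        ("commented out", COMMENTED_OUT),
                        ("overridden later", OVERRIDDEN)]:
        state = "FOLLOWS key URL" if honors_keyserver_url(conf) else "ignores key URL"
        print(f"{label}: {state}")
```
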

