[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[liberationtech] Interesting things in keyservers



At 02:22 AM 7/21/2013, Eugen Leitl forwarded:

(somebody's, probably Micah's, excellent note on problems with 
incorrectly trusting key servers, especially the MIT one.)

> > 1. no, I didn't do that, nor did I upload the edward snowden or 
> bradley manning keys.

If nobody's uploaded fake Edward Snowden or Bradley Manning (or, more 
seriously, Glenn Greenwald) keys to the MIT key server yet, then 
there are a bunch of trolls who have really been slacking off on 
their jobs.  They don't call it the Keyserver of a Million Lies for nothing.

The usability of the Web of Trust as a set of connection metadata is 
potentially a serious problem - you want your friends to be able to 
verify your keys, but if your connections are as important as your 
messages, there's a lot to be said for handing out business cards 
with your key fingerprints on them.