Hi.

I have had the following issue on my OpenPGP "TODO" list for a very long time now, and David just reminded me of it.

On Fri, 2009-01-30 at 22:48 -0500, David Shaw wrote:
> Yes. However note that you can un-revoke a key by removing the
> revocation signature. That's very difficult to do in practice
> (keyservers would have the revoked copy).

Keyservers are very critical for any PKI to work, aren't they?
I mean there are plenty of "attacks" which would be possible without them:
- we couldn't get revocations
- we are prone to attacks where someone simply removes some subpackets (e.g. a revocation signature, or a newer and updated self-signature)
- there might be even more cases I can't think of

Of course our keyservers work quite well, I can do some "upgrade my keyring" command and get the new keys and all added packets. And the big advantage is that no one can remove anything from them (it's even difficult for the admins, though probably not impossible).

But there is the possibility of a kind of DoS attack; service in the sense of "deliver the whole key and everything belonging to it to the requester".
Imagine that my ISP is evil, tracks my connections and always removes some revocation signatures when I get the data.

Are there currently working means to prevent this?

One possibility would be to do static_cast<keyservers>(DNSSEC) and implement a secured keyserver protocol. Of course we should use OpenPGP for this :-)
A keyring could always sign the data it sends to a user, and the user could have the public key from that keyserver set up somewhere in his implementation as valid for acting as keyserver.
Of course one could build trust-paths to the keyserver's public keys, et cetera, et cetera.

Now the ISP could only block the whole keyserver, but at least I'd notice it and an implementation could WARN me if for example regular updates of the keyrings don't work.

Just an idea,... :-)

Regards,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitterer@xxxxxxxxxxxxxxxxxxxxxx
mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
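The signed keyserver reply proposed in the message above, as an added Go sketch that is not part of the original post or of any existing keyserver protocol. The `Response` type, the function names and the sample values are hypothetical, and the client nonce is an added assumption so that an older, validly signed reply (from before a revocation was uploaded) cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Response is a hypothetical signed keyserver reply (opaque OpenPGP packets).
type Response struct {
	Packets [][]byte // key, self-signatures, revocation signatures
	Sig     []byte   // keyserver signature over transcript()
}

// NewServerKey makes the keyserver key pair; the client pins the public half.
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// transcript digests each part separately, binding packet count and boundaries.
func transcript(nonce []byte, keyID string, packets [][]byte) (msg []byte) {
	for _, part := range append([][]byte{nonce, []byte(keyID)}, packets...) {
		d := sha256.Sum256(part)
		msg = append(msg, d[:]...)
	}
	return msg
}

// Serve signs the complete packet set together with the client's nonce.
func Serve(priv ed25519.PrivateKey, nonce []byte, keyID string, packets [][]byte) Response {
	return Response{Packets: packets, Sig: ed25519.Sign(priv, transcript(nonce, keyID, packets))}
}

// Verify fails on removed packets, a different key ID, or a replayed reply.
func Verify(pinned ed25519.PublicKey, nonce []byte, keyID string, r Response) bool {
	return ed25519.Verify(pinned, transcript(nonce, keyID, r.Packets), r.Sig)
}

func main() {
	pub, priv := NewServerKey()
	n, id := []byte("constructed-nonce-1"), "0xEXAMPLE" // constructed sample values
	r := Serve(priv, n, id, [][]byte{[]byte("pubkey"), []byte("revocation-sig")})
	fmt.Println("intact:", Verify(pub, n, id, r))
	r.Packets = r.Packets[:1] // on-path removal of the revocation signature
	fmt.Println("stripped:", Verify(pub, n, id, r))
}
```

A client that gets `false` here, or no reply at all, has the signal the message asks for: the update did not complete and the user can be warned.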