Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Oct 2014 11:47:28 -0400
From: Daniel Kahn Gillmor <>
To: David Leon Gil <>,
CC: "" <>,
 Werner Koch <>,
Subject: Re: 0xdeadbeef comes of age: making keysteak with GnuPG

On 10/10/2014 11:06 AM, David Leon Gil wrote:
> (In summary: If you don't use the WoT, get OpenPGP keys via HTTPS.
> E.g.: or (the latter thanks to Yan Zhu's
> lobbying).)

If we're going to advocate for accessing keyservers via https (which i
think is a lovely idea, even if it doesn't mitigate all possible
attacks), it's worth advocating for the well-curated [0], rather than encouraging everyone to
flood either or with traffic.

I agree with David and Thijs that OpenPGP v3 keys are long overdue for
the chopping block.



Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.