Wednesday, 2022-06-15

fungi	gagehugo_: prometheanfire: heads up, i've sent you both encrypted e-mail just now. hopefully it arrives intact	14:26
prometheanfire	yep, got it, I'll update my key too	14:52
fungi	thanks!	14:55
prometheanfire	I used to use sks-keyservers, what are people using now?	15:02
fungi	keyserver hkps://keys.openpgp.org	15:03
fungi	that's what i switched everything i'm managing over to after the sks network collapsed	15:03
prometheanfire	ya, that's what I just switched to, cool then	15:03
prometheanfire	I do wonder what happened there, it's like he dropped off the face of the earth	15:04
fungi	there were multiple pressures	15:04
fungi	first, the traditional design of allowing anyone to upload signatures for other people's keys was able to be abused in a number of ways, from attaching corrupt signatures, to flooding keys with so many bogus sigs that they couldn't be retrieved, to attaching signatures containing offensive words/phrases	15:05
prometheanfire	ya, I know bots were using it for messaging	15:06
fungi	but then gdpr came, and sks was hit with a barrage of takedown demands for people's data, including attackers uploading things just so they could file takedowns	15:06
fungi	ultimately it was unworkable to continue running the service	15:07
fungi	you'll notice keys.openpgp.org doesn't allow uploading signatures at all	15:07
fungi	or rather, it strips them when storing	15:08
fungi	also forces you to validate your key by e-mail before that id can even be searched by anything other than the raw hex number	15:08
fungi	longer term, there's this: https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-abuse-resistant-keystore-00	15:08
prometheanfire	ah, ya	15:08
opendevreview	Matthew Thode proposed openstack/ossa master: update Matthew Thode's gpg key https://review.opendev.org/c/openstack/ossa/+/846007	15:11
prometheanfire	UIDs may need updating, left a comment in review	15:12

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!