SKS PGP Keyservers Nodecount Dropping
grarpamp
grarpamp at gmail.com
Wed Sep 2 17:44:51 PDT 2020
On 9/2/20, John Young <jya at pipeline.com> wrote:
> Has it not been established that all key servers are compromised,
>> The majority of GnuPG users no longer use SKS key servers, due to the
>> fact of possible attacks on their pub keys.
It's not that the nym <--> privkey mapping of any given
key has been internally compromised, that is signed.
But that key servers and their keys were discovered by the
public to be handy datastores open to arbitrary data insertion,
including of duplicate nyms, public sigs, etc.
Plausible keys can still be found. For which old wisdom
of verifying the WoT still applies. Unfortunately the WoT
has not yet developed enough degrees around the world,
such that many paths between say your key and any other
are still woefully broken. Thus requiring much offline and
direct verification with the intended party. Two ways to
help fix that is to hold *many* more keysigning parties,
and to publish and self assert over the fingerprints in
many more online social and business places.
> Then Tor, I2P, CJDNS, Secure Drop, Signal, et al, each eagerly
> boosted than gradually falling in credibility and trustworthiness to
> be succeeded by new borns.
Cybersec apps and staff always seem to hide their easily notable
design caveats, such caveats being addressed by the nextgen,
which dutifully hides its own caveats in turn.
We will see which new apps will take the initiative to address the
current overlay network attack vectors of network traffic analysis
and sybil attacks. And what holes they in turn skirt around and
censor-ban-cancel you for talking about.
> The recent post about crypto's failure to serve the underprivileged,
> citing cypherpunks as an example, is indicative of where a next step
> for injecting compromised sec tools is headed, following bitcoin's
> amazing rise as top tracker of finance under pretense of untraceability.
Indeed.
> Apt that Covid shot that CyberPonzi delirium
Not shot just that, but a breadth and depth of human areas,
the changes and impacts (mostly not so good as usual) due
to oppurtunistics will hardly begin apparent to clairvoyants
even five years hence.
>>keys.openpgp.org or keys.mailvelope.com, besides Werner Koch's WKD.
"More nodes on overlay networks" is a notion generally applicable to
any set of cypherpunk services, information bases, infrastructure, etc,
not just these.
Or you could take Juan's approach and smash it all.
However most are not ready to adopt the resulting lifestyle yet.
Neither has Juan, nor anyone else still tapping on their keyboard.
More information about the cypherpunks
mailing list