[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)
From:       "Stefan Kelm" <kelm () secorvo ! de>
Date:       2002-04-25 7:39:51
[Download RAW message or body]

From:           	"Michael Young" <mwy-pks55@the-youngs.org>
> From: "Stefan Kelm" <kelm@secorvo.de>
> > This is of particular danger when it comes to keyservers, since the key
> > information itself is usually considered as highly trustworthy.
> 
> Absolutely not.  Keyservers are wide open public repositories.  They
> can, and do, contain arbitrary garbage.  Users should only trust
> material that they can verify through signatures or direct contact.

I certainly agree (although users tend to behave otherwise).

For the record: the statement as quoted above was one I forwarded
to the key server admin list, not one I personally made.

Cheers,

	Stefan.
-------------------------------------------------------
Dipl.-Inform. Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe

Tel. +49 721 6105-461, Fax +49 721 6105-455
E-Mail kelm@secorvo.de, http://www.secorvo.de
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

[prev in list] [next in list] [prev in thread] [next in thread]