[prev in list] [next in list] [prev in thread] [next in thread]
List: pgp-keyserver-folk
Subject: Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)
From: "Stefan Kelm" <kelm () secorvo ! de>
Date: 2002-04-25 7:39:51
[Download RAW message or body]
From: "Michael Young" <mwy-pks55@the-youngs.org>
> From: "Stefan Kelm" <kelm@secorvo.de>
> > This is of particular danger when it comes to keyservers, since the key
> > information itself is usually considered as highly trustworthy.
>
> Absolutely not. Keyservers are wide open public repositories. They
> can, and do, contain arbitrary garbage. Users should only trust
> material that they can verify through signatures or direct contact.
I certainly agree (although users tend to behave otherwise).
For the record: the statement as quoted above was one I forwarded
to the key server admin list, not one I personally made.
Cheers,
Stefan.
-------------------------------------------------------
Dipl.-Inform. Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe
Tel. +49 721 6105-461, Fax +49 721 6105-455
E-Mail kelm@secorvo.de, http://www.secorvo.de
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic