A Protocol for Solving Certificate Poisoning for the OpenPGP Keyserver Network
By:
Wolf, G, Ortega-Arjona, JL
Published:
1 Jan 2024
Abstract:
The OpenPGP encryption standard builds on a transitive trust distribution model for identity assertion, using a non-authenticated, distributed keyserver network for key distribution and discovery. An attack termed "certificate poisoning", surfaced in 2019 and consisting in adding excessive trust signatures from inexistent actors to the victim key so that it is no longer usable, has endangered the continued operation of said keyserver network. In this article, we explore a protocol modification in the key acceptance and synchronization protocol termed First-party attested third-party certification that, without requiring the redeployment of updated client software, prevents the ill effects of certificate poisoning without breaking compatibility with the OpenPGP installed base. We also discuss some potential challenges and limitations of this approach, providing recommendations for its adoption.
Affiliations:
Wolf, G:
Posgrad Ciencia & Ingn Comp, UNAM, Cdmx, Mexico
Circuito Posgrad, Unidad Posgrad, Edificio C 1 Nivel,Ciudad Univ, Coyoacan 04510, Ciudad De Mexic, Mexico
Ortega-Arjona, JL:
UNAM, Fac Ciencias, Cdmx, Mexico
gold, Green Accepted, All Open Access; Gold Open Access