Wolf, Gunnar and Ortega Arjona, Jorge Luis
(2024):
A Protocol for Solving Certificate Poisoning for the OpenPGP Keyserver Network.
Journal of Internet Services and Applications, 15 (1).
pp. 46-58.
ISSN 1869-0238
Abstract
The OpenPGP encryption standard builds on a transitive trust distribution model for identity assertion, using a non-authenticated, distributed keyserver network for key distribution and discovery. An attack termed “certificate poisoning”, which surfaced in 2019 and consists of adding excessive trust signatures from nonexistent actors to the victim key so that it is no longer usable, has endangered the continued operation of said keyserver network.
In this article, we explore a modification to the key acceptance and synchronization protocol, termed “First-party attested third-party certification”, that, without requiring the redeployment of updated client software, prevents the ill effects of certificate poisoning without breaking compatibility with the OpenPGP installed base. We also discuss some potential challenges and limitations of this approach, providing recommendations for its adoption.