Update:
I took a closer look at the key that broke the Tor key with its signature:
pub rsa4096/4F3F50786C401DCE 2015-10-04 [SC]
17F9D6D43CE4DDEE4178548C4F3F50786C401DCE
uid Richie <ryetschye@xxxxxx>
uid Richie <ryetschye@xxxxxxxxx>
uid Richie <ryetschye@xxxxxxxxxxxxxxxx>
uid Richie (IRONCOMPUTING) <richie@xxxxxxxxxxxxxxxx>
uid Richie (IRONCOMPUTING) <richie@xxxxxxxxxxxxxxxxx>
uid Richie <richard.gottschalk@xxxxxxxxxxxxxxxxxxxxxx>
uid Richie (IronComputing KG) <richie@xxxxxxxxxxxxxxxx>
uid Do not use SKS keyserver sites (no validity checks) <@>
uid Do not use SKS keyserver sites (no validity checks) <https://bitbucket.org/skskeyserver/sks-keyserver/issues/41>
Apparently, someone wants to turn people's attention to this ticket:
https://bitbucket.org/skskeyserver/sks-keyserver/issues/41
Although the more apropriate ticket to link to in this case would be this one:
https://bitbucket.org/skskeyserver/sks-keyserver/issues/57
The problem is basically that anyone can dump a whole bunch of data into the
UID field of their key and upload it, which overloads both the keyservers and
the PGP clients. I've already sent a mail to Kristian Fiskerstrand (the
developer of SKS keyserver), explaining the problem.
--
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
https://www.parckwart.de/pgp_key
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-project mailing list tor-project@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project