Two well-known developer OpenPGP project Robert J. Hansen (rjh) and Daniel Kahn Gillmor (dkg) certificate poisoning attacks over the past week to become the victims . Unknown attacker using OpenPGP protocol to the defect itself and OpenPGP certificates rjh dkg of poisoning. Import poisoning OpenPGP version of the certificate will destroy defective. Poisoning certificate already exists in SKS Keyserver Network, there is no reason to believe the attacker stopped after the attack on the two certificates poison. dkg said multiple certificates Tor project was also attacked . This attack can not be in the short term SKS keyserver or OpenPGP Working Group to mitigate the impact, future releases will include some of the ways to weaken OpenPGP attacks, but there is no timetable. Do not expedient to extract data from SKS Keyserver Network. Software Keyserver using a researcher using OCaml language development for his doctoral thesis, lack of community understanding of their talent or algorithm that language. Software unmaintained, and no one qualified to modify the code.
via Solidot