[liberationtech] Interesting things in keyservers
Ralph Holz
holz at net.in.tum.de
Wed Jul 17 01:10:20 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
> I'm working on a talk for OHM2013 about PGP. Can anyone send me
> examples of interesting keys in key servers that you know of?
>
> For example, attempts at XSSing Enigmail (I think one of these is
> mine from long ago -- and BTW, Enigmail isn't vulnerable):
Sweet!
I have long wondered if someone on the Web wouldn't want to try
similar stuff with X.509 certificates - exploiting some weakness in
the ever-crucial ASN.1 parsing etc.
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x6E5D912BBF74A1A6
>
>
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBDE99D48C65A27EC
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x06AB7A6AA7B3C04D
>
>
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xC1BBD7FB306E2139
>
> I remember seeing a key once that was full of ASCII art user IDs
> or maybe sigs, but I don't remember what to search for. Anything
> else interesting?
FWIW, we have the key information of Dec 2010 from the SKS servers as
a database dump: https://pki.net.in.tum.de/node/9
Maybe it helps. We didn't store the raw keys, however.
Ralph
- --
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJR5lFpAAoJEFIODINpsAPvP6oH/jxNPmitGazoT36lAZwUgNNo
NeLXGrI9Cm0gTUEewYGMggoQ/oIxkIU+v7cDd0OUlxCOeB2t0YIACA1QzBwY8d4p
AYC+sBi86yM41sf9aJpMNdstXXU7tTLrBdmj73qeHt3ZkxpeKZzj/ggjd03oL9tV
8A7taMx13/HQagQAbdOEC9R5MeHLrKl1IoSm2pSDe3ikGGDjgn0RxASQnXVcPnba
4VV4kY7iscJUQaVj1EBlTE4TnCLGoMIXR6J+86XM09mRyWQXSVbv/5bF+8fA8V0L
qbMZxvrDB2GmppY/mvdL13nKsbyC8PrY27CpSAH871Isxkf952Ip4BG97MgdixI=
=0gJ/
-----END PGP SIGNATURE-----
More information about the liberationtech
mailing list