Re: (Fwd) Keyservers Cross Site Scripting (When CS: msg#00352 security.bugtraq

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "Stefan Kelm" <kelm@xxxxxxxxxx>
> This is of particular danger when it comes to keyservers, since the key
> information itself is usually considered as highly trustworthy.

Absolutely not. Keyservers are wide open public repositories. They
can, and do, contain arbitrary garbage. Users should only trust
material that they can verify through signatures or direct contact.

Moreover, clients should only be generating well-formed URLs
for key lookups. What am I missing?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPMRMGVMkvpTT8vCGEQKSRQCgi3Uvj/w4wAtFsBzM0Yt+CglxTj0AoNCj
vADEMPSTqze3uqdKfLUp3JyT
=IXGp
-----END PGP SIGNATURE-----

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: LabVIEW Web Server DoS Vulnerability: 00352, Steven Zins
Next by Date:	RE: arp problem: 00352, dlaumann
Previous by Thread:	more info on the iosmash.c exploiti: 00352, John Scimone
Next by Thread:	Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses: 00352, Ishay Sommer
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: LabVIEW Web Server DoS Vulnerability: 00352, Steven Zins

Next by Date:

RE: arp problem: 00352, dlaumann

Previous by Thread:

more info on the iosmash.c exploiti: 00352, John Scimone

Next by Thread:

Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses: 00352, Ishay Sommer

Indexes:

[Date] [Thread] [Top] [All Lists]

Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous): msg#00352

security.bugtraq