by diafygi
4045 days ago
Can you please disclose the key ids? Are they the same instances of inserting subkey under someone's public key with an invalid self-signature[1]? If so, it seems that this attack is exploiting the fact that the sks-keyserver pool doesn't verify self-signatures and some non-gpg client might not verify self-signatures either (dunno which one, though).

[1]: https://news.ycombinator.com/item?id=9561407