Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem

A new wave of spamming attacks on a core component of PGP’s ecosystem has highlighted a fundamental weakness in the whole ecosystem.

Image: Craig Warga/Bloomberg via Getty Images

Unknown attackers are spamming a core component of the ecosystem of the well-known encryption software PGP, breaking users' PGP installations and clients. What’s worse, there may be no way to stop them.

My favourite line from that article:

If you think this is bad, consider this: the SKS software was written in an obscure language by a PhD student for his thesis. And because of that, according to Hansen, “there is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase.”