
What would happen if in some way a public key server, let's say the MIT PGP key server, was compromised and some keys were edited to an attacker's public key?

  • Is this even possible?
  • Would that be detected quickly?
  • What course of action would be taken?

Maybe I don't completely understand the concept, but I was wondering if this is a real issue.

woutar

1 Answer

Anybody can upload anything to the key server network, and there is only minimal verification of syntactical correctness. Never trust anything on the key servers without further verification!

Whenever you fetch a key from the key server network, you should verify it for validity, for example by comparing the key's fingerprint with the key's proclaimed owner over an already established, authenticated (not necessarily private) channel: by meeting him, through a video or voice call, by sending a letter.

Is this even possible?

To consider what a malicious key server might be able to do, you have to consider different attack models.

  • A keyserver hosting false keys should not be a problem, as you need to verify them anyway. Search the key servers for president@whitehouse.gov; I don't believe a single one is Barack Obama's.
  • A keyserver modifying keys will send keys with modified or added OpenPGP packets like user IDs or signatures, but your OpenPGP client will realize that, stop importing the malicious key, and tell you so. At least GnuPG does so. If the primary key is modified, this would result in a changed fingerprint, and resembles an added key, not a modified one.
  • Keyservers omitting data is entirely possible and a problem. A key server could hide a given key you should not see, or even prevent you from fetching a revocation certificate. This can only be prevented by fetching the key from multiple and, if possible, trusted servers using HKPS to prevent man-in-the-middle attacks.

Would that be detected quickly?

In case of omitted information, only if you notice it on your own, for example because data is missing on one server but hosted on another, and reconciliation does not take place for a given time (give servers some minutes up to several hours to catch up on all updates).

You can realize that there are fake keys, but this is not really a key server problem but a problem with verification. You will realize modified keys because of warnings/error messages in your client application.

If you realize a key server is acting weird, and keeps on doing so, consider reporting it to the SKS mailing list, which is probably the place most other key server operators get together. At least it might be removed from the SKS key server pool, which is the default for most OpenPGP setups.

Jens Erat
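As an added example (not code from the question, the answer, or GnuPG): the out-of-band fingerprint comparison the answer recommends, in Python, against a constructed version 4 RSA public-key packet. The modulus values are placeholders, not real keys. It also shows the answer's point that swapping the primary key material yields a different fingerprint, so a substituted key fails the check rather than passing as a "modified" one.

```python
import hashlib
import hmac
import struct

# Added example, not code from the original post. The RSA moduli below are
# tiny constructed placeholders used only to exercise the fingerprint logic.

def _mpi(x: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 section 3.2)."""
    bits = x.bit_length()
    return struct.pack(">H", bits) + x.to_bytes((bits + 7) // 8, "big")

def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 section 5.5.2)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99 || two-byte body length || body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalize(fp: str) -> str:
    """Accept the spaced or colon-separated forms people write down or read aloud."""
    return "".join(c for c in fp.upper() if c in "0123456789ABCDEF")

def fingerprint_matches(body: bytes, expected: str) -> bool:
    """Compare the fetched key's fingerprint with one obtained out of band."""
    return hmac.compare_digest(v4_fingerprint(body), normalize(expected))

# Constructed sample: the packet the owner actually published ...
GENUINE_KEY = v4_public_key_body(1420070400, 0xD5A1F3C2B4E6987F, 65537)
# ... and the same packet with the modulus replaced by a placeholder attacker value.
SWAPPED_KEY = v4_public_key_body(1420070400, 0xA7C4E19B3D5F2861, 65537)

if __name__ == "__main__":
    out_of_band = v4_fingerprint(GENUINE_KEY)  # what the owner would read to you
    print("genuine key matches:", fingerprint_matches(GENUINE_KEY, out_of_band))  # True
    print("swapped key matches:", fingerprint_matches(SWAPPED_KEY, out_of_band))  # False
```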