On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect?
People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired faked key on the servers, which was not easy to detect given that they were also signed by faked keys from the strong set. Thus if you have the capability to sniff mail you would upload a faked key and hope that future senders pick up that faked key and encrypt to it. You can now intercept that mail, read it, encrypt to the real key and send on. Even if you can't mount such an active MitM you can simply send on the newly encrypted mail with an additional line "sorry, I encrypted to the wrong key". Right the Web of Trust would stop this attack, but most people are not part of the WoT. Simple methods for initial /key discovery/ are required. Even autocrypt is better than keyservers and with the Web Key Directory you can get an even better assurance that it is the correct key. > run their own key server and analyze the data. So what purpose should > your suggestion serve? The additional benefit is that this would take away the load from the servers and allow that we can get back the large mesh of keyservers. Without being able to search user-ids it does not anymore make sense to use keyservers as search engines for magnet links to Bittorrent distributed data. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpCro1j69bIP.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users