On Wed, 12 Dec 2018 08:05:58 -0900, justina colmena via Gnupg-users wrote: > One disadvantage of "keyservers" in general is that the automated queries to > them leak "too much information" on the > parties with whom one is communicating - even the fact that one is using PGP > at all.
This can be simply avoided by using a mixnym address and using the Usenet group alt.anonymous messages. It requires of course that people get familiar with Mixmaster, which is as old as PGP. Or simply use Bitmessage. > One of the original goals of PGP, and later on, GnuPG, was to avoid the > reliance on a central point of failure such > as a "server." It was to be a most explicitly *decentralized* system. Nobody is against a decentralized system. > *Probably nothing wrong* with a keyserver if the key is tied to one's > everyday real-life identity, but that is not > always the use case of public key cryptography. Not everyone wants his or her > phone number, email address, and > residence address published in a database accessible to the public. And probably nobody wants that 3rd parties can upload your key with funny or not so funny signatures, or knock-out your key so that friends can't no longer download it from key servers. > The big advantage, of course, to the keyservers is that they make it > convenient for people to use PGP and GnuPG who > might not otherwise bother with encryption at all. The latest user guide from EFF shows key server usage as *last* option in their document and also tells people to think about it, uploading a key to a key server. <https://ssd.eff.org/en/module/how-use-pgp-mac-os-x> > This whole debate, I seem to recall, took place many, many years ago, and of > course different groups have different > goals and find different technical solutions for their respective situations. True, but have you ever seen replies from (a) key server software developer(s) saying we are aware of all those problems and we are working on a solution? I don't refer here to the pgp.com key server, WKD, Autocrypt or keybase, i mean the widely used SKS key server network. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas
pgplXFBye3Sqt.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
