Re: [Sks-devel] [Autocrypt] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Wiktor Kwapisiewicz
Hello,

On 07.11.2018 18:17, Tobias Mueller wrote:
> That said, I think we can store revocations in the CT logs s.t. we can
> at least have integrity protection and non-equivocation for those. Both
> properties which we currently do not have when fetching them from the
> key server.

Mozilla

Re: [Sks-devel] [Autocrypt] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Tobias Mueller
Hi,

On Wed, 2018-11-07 at 12:33 +0100, Wiktor Kwapisiewicz via Autocrypt wrote:
> If cryptographic verification was enough for X.509 there
> wouldn't be Certificate Transparency

CT solves a slightly different set of problems related to the centralised trust model that we don't necessarily have.

Re: [Sks-devel] [Autocrypt] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Tobias Mueller
On Wed, 2018-11-07 at 17:34 +0100, Werner Koch wrote:
> Thus removing the search capability from the keyservers
> will render its free-as-in-beer storage feature mostly useless.

Only if you assume that nobody creates such an index.

Cheers,
Tobi

Re: [Sks-devel] [Autocrypt] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Tobias Mueller
Hi,

On Wed, 2018-11-07 at 10:13 +0100, Werner Koch wrote:
> This requires that there are no rogue keyservers in the network and that
> in turn means that they are under the control of a single entity.

It depends on your use case, but you might be happy enough if you have a proof of who

Re: [Sks-devel] [Autocrypt] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread holger krekel
Hi Werner, all, I'd appreciate if we can close this "GDPR and key servers" subject and end sending mails about it to three mailing lists. The Autocrypt ML subscribers are likely either also subscribed to at least one of openpgp-email/gnupg-devel or mostly not interested in further detailed

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Andrew Gallagher
> On 7 Nov 2018, at 16:43, Yegor Timoshenko wrote:
>
> It's not just storage, it's also immutable and distributed.

In the keyservers, removing immutable content is a Very Hard Problem, but it is theoretically possible. With blockchain, it is impossible by design. A

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Yegor Timoshenko
> Free storage to upload arbitrary data is easily available (e.g.
> p2p, free mail accounts). Having a searchable index to that
> data is more challenging. Thus removing the search capability
> from the keyservers will render its free-as-in-beer storage
> feature mostly useless.

It's not just

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Werner Koch
On Wed, 7 Nov 2018 11:50, andr...@andrewg.com said:
> significantly affecting legitimate use. It may stop people uploading
> warez but it can’t prevent cheap vandalism.

Free storage to upload arbitrary data is easily available (e.g. p2p, free mail accounts). Having a searchable index to that

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Wiktor Kwapisiewicz
On 07.11.2018 11:50, Andrew Gallagher wrote:
>
>> On 7 Nov 2018, at 10:16, Yegor Timoshenko wrote:
>>
>> World-writable storage is problematic even if there is no search.
>> Proof of work and some operator-controllable data removal
>> mechanism (like opt-in key blacklists) can help limit this

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Andrew Gallagher
> On 7 Nov 2018, at 10:16, Yegor Timoshenko wrote:
>
> World-writable storage is problematic even if there is no search.
> Proof of work and some operator-controllable data removal
> mechanism (like opt-in key blacklists) can help limit this attack
> vector.
>
> Storing immutable data,

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Yegor Timoshenko
> Purpose 4, distribution of key signatures, worked as long as
> people didn't use the key listings of the server or tools for
> more or less funny messages. Uploading key signature should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Mike
So it seems like the usual response is to ignore the fatal issues that could affect this network. 6 months on from the first set of PoCs and no one has stepped forward to fix them - they have only attempted to defend the network through pride. How is anyone meant to trust infrastructure run by

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Werner Koch
On Tue, 6 Nov 2018 17:27, a...@datenreisen.de said:
> I do roughly recall that such a verification process has been discussed for
> the SKS keyservers at one of the pgp-summit before, but I wonder what
> happened to the idea. However, if it that is “good enough” to be compliant

This requires

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

2018-11-07 Thread Werner Koch
On Tue, 6 Nov 2018 17:57, v...@pep-project.org said:
> I'm not of the opinion that key servers are a good idea at all. It's
> a pity that people still follow this wrong idea.

Keyservers are used for several purposes:

1. Search for keys based on the fingerprint ("gpg --recv-key FPR")
2. Search