On 01/14/2018 08:36 PM, Alain Wolf wrote: > Unfortunately the problem of 95% of the server pool not supporting > HKPS out of the box remains unresolved. For now. > > My opinion is still the same: Unencrypted HKP should be the exception > and HKPS the rule. The majority of the pool servers need to be in the > HKPS pool and HKP then might be slowly phased out and deprecated.
From a security perspective that isn't necessary. OpenPGP is utilizing object based security, whereby the packets are signed. So HKP has no security implication. From a privacy perspective, then yes, using HKPS transport is better, but it doesn't improve anything if malicious servers are included in some way that records information anyways, so having all servers included reduces privacy, it doesn't improve anything, as long as the pool itself is operational. And fwiw, none of the geographical sub-pools are doing anything re HKPS, that is a single global pool. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Timendi causa est nescire The cause of fear is ignorance
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
