On Tue, 6 Nov 2018 17:57, v...@pep-project.org said:

> I'm not of the opinion that key servers are a good idea at all. It's
> a pity that people still follow this wrong idea.

Keyservers are used for several purposes:

 1. Search for keys based on the fingerprint ("gpg --recv-key FPR")
 2. Search for key revocations ("gpg --refresh-key")
 3. Search for keys based on the user id (e.g. "gpg --search-key")
 4. As a distribution medium for key signatures.
 5. As a distributed and searchable storage.

The first two purposes are quite useful because they allow verifying signatures made by yet unknown keys. Retrieving the keys is no data privacy problem because by signing and sending a mail the sender has already provided all this information. There is nothing which can replace these purposes because a key does not necessarily need to have a mail address and even if so, any mail address based lookup can fail after the mail address is no longer in use, the account has been disabled, etc. Fingerprints are globally unique and need not be associated with a mail address.

Purpose 3 is what we call key discovery and indeed keyservers are the wrong way to do this. In most cases we want to map a mail address to a key and have some kind of reliable mapping. Keyservers which are just a pile of keys don't allow for this. Back then when encryption was young and the internet was a friendly place, search for keys worked in most cases. But the times have changed and the bona fide search is useless.

Purpose 4, distribution of key signatures, worked as long as people didn't use the key listings of the server or tools for more or less funny messages. Uploading key signatures should be possible only by the holder of the key. However, to enforce this the keyservers need to employ real crypto and won't be a lean service anymore. I think the distribution of keyservers, for those who still want to use the WoT, can be replaced by sending the signed keys only back to the owner. In fact tools like caff suggest this use case.

Purpose 5 is not relevant for OpenPGP key distribution and actually the reason why the keyserver network has more or less broken down.

My suggestion is to limit the keyservers to the purposes 1 and 2. This can in practice easily be done by removing the search by user-id interface from the keyservers and, on the client side, by discovering keys using other methods (e.g. Web Key Directory). Having no searchable interface to the keyservers makes them less attractive for abuse (as in purpose 5) and avoids some privacy issues (white pages without user consent).

It is likely that gpg will eventually change its --search-key command to do the equivalent of --locate-key but without checking the local keyring.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
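
The suggestion in the message above, limiting keyservers to purposes 1 and 2, sketched as a request filter in front of an HKP lookup endpoint. This is an added example, not code from the message, from SKS or from GnuPG; the function name, the sample requests and the choice to accept only full 40-digit fingerprints (no short or long key IDs) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A v4 OpenPGP fingerprint is 40 hex digits; HKP clients usually prefix it with "0x".
# Assumption of this sketch: short and long key IDs (8 or 16 digits) are rejected,
# since only the full fingerprint is globally unique.
FINGERPRINT = re.compile(r"(?:0x)?[0-9A-Fa-f]{40}")


def check_hkp_lookup(request_target):
    """Return (allowed, reason) for the target of an HKP GET request."""
    parts = urlsplit(request_target)
    if parts.path != "/pks/lookup":
        return False, "not a lookup request"
    query = parse_qs(parts.query, keep_blank_values=True)
    ops, terms = query.get("op", []), query.get("search", [])
    if len(ops) != 1 or len(terms) != 1:
        return False, "expected exactly one op and one search parameter"
    if ops[0].lower() != "get":
        # index/vindex produce the searchable listings (purposes 3 and 5)
        return False, "listing operations are disabled"
    if not FINGERPRINT.fullmatch(terms[0]):
        # op=get with a name or mail address is still a lookup by user id
        return False, "search term is not a full fingerprint"
    return True, "retrieval by fingerprint"


# Constructed sample requests (the fingerprint is made up)
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLES = [
    "/pks/lookup?op=get&search=0x" + FPR,
    "/pks/lookup?op=index&search=alice@example.org",
    "/pks/lookup?op=get&search=alice@example.org",
    "/pks/lookup?op=get&search=0x01234567",
    "/pks/lookup?op=get&search=0x" + FPR + "&search=alice",
]

if __name__ == "__main__":
    for target in SAMPLES:
        allowed, reason = check_hkp_lookup(target)
        print("ALLOW" if allowed else "DENY ", target, "->", reason)
```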