Keyserver access changes in GnuPG
Stefan Claas
stefan.claas at posteo.de
Wed Dec 12 18:52:24 CET 2018
On Wed, 12 Dec 2018 08:05:58 -0900, justina colmena via Gnupg-users wrote:
> One disadvantage of "keyservers" in general is that the automated queries to them leak "too much information" on the
> parties with whom one is communicating - even the fact that one is using PGP at all.
This can be simply avoided by using a mixnym address and using the Usenet group alt.anonymous messages.
It requires of course that people get familiar with Mixmaster, which is as old as PGP. Or simply use Bitmessage.
> One of the original goals of PGP, and later on, GnuPG, was to avoid the reliance on a central point of failure such
> as a "server." It was to be a most explicitly *decentralized* system.
Nobody is against a decentralized system.
> *Probably nothing wrong* with a keyserver if the key is tied to one's everyday real-life identity, but that is not
> always the use case of public key cryptography. Not everyone wants his or her phone number, email address, and
> residence address published in a database accessible to the public.
And probably nobody wants that 3rd parties can upload your key with funny or not so funny signatures, or knock-out
your key so that friends can't no longer download it from key servers.
> The big advantage, of course, to the keyservers is that they make it convenient for people to use PGP and GnuPG who
> might not otherwise bother with encryption at all.
The latest user guide from EFF shows key server usage as *last* option in their document and also tells people to think
about it, uploading a key to a key server.
<https://ssd.eff.org/en/module/how-use-pgp-mac-os-x>
> This whole debate, I seem to recall, took place many, many years ago, and of course different groups have different
> goals and find different technical solutions for their respective situations.
True, but have you ever seen replies from (a) key server software developer(s) saying we are aware of all those problems
and we are working on a solution? I don't refer here to the pgp.com key server, WKD, Autocrypt or keybase, i mean the
widely used SKS key server network.
Regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181212/7f179b18/attachment.sig>
More information about the Gnupg-users
mailing list