[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: “Keyservers are actually useless these days and I wish they could go
|
From: |
Werner Koch |
|
Subject: |
Re: “Keyservers are actually useless these days and I wish they could go away” |
|
Date: |
Thu, 18 Jul 2019 12:47:23 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Wed, 17 Jul 2019 14:44, 321942@gmail.com said:
> An advocate of the ‘Web of Trust’ hardly agrees with that. I am not
> the one, however I’m really intrigued — what do you suggest to use
> instead.
If the goal is to make end-to-end encryption a standard on the Internet
we need to get away from geeky things like the WoT which is too
complicated to explain it to hackers in a few words. For the geek
factor I really like it and it is quite possible that we will develop
ideas on how to keep it alive despite of the too obvious DoS attacks on
the keyservers. The basic idea is to allow uploads only by the key
owner. OpenPGP has a flag for this and GnuPG has always set this flag.
However, due to lack of support in keyservers this has always been
ignored. What we need is to have keyservers which are able to check
the self-signatures on a key to act upon it. With that we can quickly
had a feature to authenticate uploads.
I propose the use of the Web Key Directory (WKD), which is a lookup of
keys from the webserver matching the domain of the mail address. We
have all for this in place for a few years but need the support of the
large mail providers. The advantage is that you the entity assigning
mail addresses also vouchs for the matching key. This is already the
default in GnuPG if you specify a recipient by mail address. Most MUAs
however first get a key listing from gpg and then select by fingerprint,
thus changes to the MUAs are needed.
For those mail provider which will never implement that due to their
business model there is fallback solution: On the first contact a signed
(but not encrypted) mail is sent. The recipient then gets the
information for the key from that signature and can may retrieve the key
directly from the mail, or via fingerprint from a keyserver, or via the
mail address from the WKD. Thus the reply will already be encrypted and
initial trust has been established. We call this auto-key-retrieve.
This obviously needs support from the MUA.
Both schemes are implemented in Enigmail but are meanwhile hidden
benhind the other key discovery schemes. It is implemeted in Kmail and
also in our tools for Windows.
>> Looking up key at a keyserver does not give you any indication that
>> the key belongs to the claimed mail address.
>
> But they was never intended to do so, was they? They are mean to
Right. But in practise people assumed tha this is the case and
complained when a faked address was on the keyserver.
> reliably _publish_ your key, and they have been doing their job fairly
> well, as far as I can tell. What might the substitute? Bittorrent?
> Blockchain?
Nope. We need keyservers only for key revocation and best also for
lookup of the basic key via fingerprint. This still works with the SKS
servers but there are too less of them left so that we hesitate to
re-enable the auto-key-retrieve feature by default in the major MUAs.
> I believe, nobody opposes to running a proprietary service for
> distributing keys, verifying or not, gratis or paid (yes, why not?).
> Setting it as a default is what I see as a dubious act.
If you want get something in use you need to have it has default.
Virtually nobody changes options.
> Moreover, I suppose, few would have anything against a default server
> that also optionally performs an email / SIP / GNU Social / whatever
> check, as long it’s not a walled garden like keys.opengpg.org, that is
I would not call that small project a walled-garden and I even don't
think that it ever will be. There is no business model behind it and I
can't see one. PGP Inc did the same thing and they failed; otehrs
laucnhed such services too in the last 20 years and they faile as well.
No network effect, no success. Thus the defaults matter.
What would you think about changing the control of that very
"walled-garden" from a single person to another legal entity? For
example we have the charitable GnuPG e.V.[1] with members being people from
seeveral OpenPGP projects. In fact that club has sufficent financial
resources to run several servers. It would be quite similar to what Tor
is doing.
> Actually, if I am not mistaken, before the SKS-based WoT practically
> went out of operation after the DoS-attack, doing that did not require
> any changes neither in SKS, nor in GPG: a server could check the email
> and sign a key, and a frontend check its signature — that’s all. Or
> am I mistaken?
The SKS keyserver software is not maintained and there are no hackers
brave enough to touch the code. And worse there is no crypto support at
all. Aside from SKS there is a couple of other software for keyservers
which could be extended to verify self-signature and implement require
features. The Hagrid software might actually be the best choice right
now if they, or someone else, would change some of the policies
implemented in the code.
> But that does not, so long as no one is forbidden to run yet another
> verifier, connected to the common WoT.
The WoT does not scale and will always be a hacker's thing - which is
not bad but does not help in getting end to end encryption really widely
deployed.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature