Re: “Keyservers are actually useless these days and I wish they could go away”

[Dmitry Alexandrov]

Werner Koch <wk@gnupg.org> wrote:
> On Wed, 17 Jul 2019 14:44, 321942@gmail.com said:
>> Werner Koch <wk@gnupg.org> wrote:
>>> Keyservers are actually useless these days and I wish they could go
away.
>>
>> An advocate of the ‘Web of Trust’ hardly agrees with that.  I am not the 
>> one, however I’m really intrigued — what do you suggest to use instead.
>
> If the goal is to make end-to-end encryption a standard on the Internet we 
> need to get away from geeky things like the WoT which is too complicated to 
> explain it to hackers in a few words.

I am not quite sure, why do you believe that a social network is a ‘geeky 
thing’, but in any case ‘to get away from something’ does not mean ‘to kill 
it’, does it?

> For the geek factor I really like it and it is quite possible that we will 
> develop ideas on how to keep it alive despite of the too obvious DoS attacks 
> on the keyservers.

I’m really glad to hear it, even though am have not been fan of it (as well as 
social networks in general).

>> What might the substitute [for keyservers]?  Bittorrent?  Blockchain?
>
> I propose the use of the Web Key Directory (WKD), which is a lookup of keys 
> from the webserver matching the domain of the mail address.

Yes, that is a means of publishing keys, that is normally controlled by one of 
the two possible attackers, is not it?

> The advantage is that you the entity assigning mail addresses also vouchs for 
> the matching key.

And the disadvantage is the same.  So even a proprietary service like 
keys.openpgp.org looks better from the security terms than WKD.

> This is already the default in GnuPG if you specify a recipient by mail 
> address.

And that is to my perplexity.  Why?!

> For those mail provider which will never implement that due to their business 
> model there is fallback solution: On the first contact a signed (but not 
> encrypted) mail is sent.  The recipient then gets the information for the key 
> from that signature and can may retrieve the key directly from the mail, or 
> via fingerprint from a keyserver, or via the mail address from the WKD.  Thus 
> the reply will already be encrypted and initial trust has been established.  
> We call this auto-key-retrieve.  This obviously needs support from the MUA.

Hm, what’s wrong with Autocrypt?

> Both schemes are implemented in Enigmail but are meanwhile hidden benhind the 
> other key discovery schemes.

And with transitioning to PEP-mode, they are both (along with Autocrypt) are 
obsoleted, as far as I see.

>>> Looking up key at a keyserver does not give you any indication that the key 
>>> belongs to the claimed mail address.
>>
>> But they was never intended to do so, was they?
>
> Right.  But in practise people assumed tha this is the case and complained 
> when a faked address was on the keyserver.

Indeed, some are.  But is following wrong expectations is the right thing to 
do?  This is the Internet after all: it’s full of fakes.  People should be 
sceptic there.

And to repeat it again, ability to verify any info (and email in particularly) 
does not require passing the full control of the data to a central authority, 
as verification is about appending the data, not removing it.  If no one have 
done this till today, maybe the problem is not so prominent in fact?

> The WoT does not scale

Pardon?  I hope, I can understand, how _SKS keyserver_, a software, does not 
scale well, but how could WoT per se, a concept of a social network, scale or 
not scale?

>> They are means to reliably _publish_ your key, and they have been doing 
>> their job fairly well, as far as I can tell.
>
> Nope.  We need keyservers only for key revocation and best also for lookup of 
> the basic key via fingerprint.

That is, my initial gladness was premature?  You _are_ going to kill keyservers 
as they exist now?

I have to admit, that this proposition looks really weird to me: to create one 
of the world first social networks, that have been shown a stable growth in 
userbase all those years despite being abandoned by developers and hardly 
usable, and finally, in 2019, declare that nobody needs it?

>> I suppose, few would have anything against a default server that also 
>> optionally performs an email / SIP / GNU Social / whatever check, as long 
>> it’s not a walled garden like keys.opengpg.org, that is that is detached 
>> from the de-facto standard network (that was SKS) and therefore breaks 
>> seamless compatibility between various GPG frontends and GPG-compatible 
>> clients.
>
> I would not call that small project...

Small?  It has been there for about a month, has not get its full strength yet 
(Enigmail will start uploading all keys there when Thunderbird 68 releases), 
though already has above 5 000 users.

> I would not call that small project a walled-garden and I even don't think 
> that it ever will be.

Okay, as you prefer it.  That’s after all only a metaphor, not a well-defined 
term, so it’s hard to assert that I’m using it appropriately.  I can only 
clarify, what did I meant, — that it is created specifically to cease an 
exclusive control over user’s data.

> There is no business model behind it and I can't see one.

You say it like it’s something good.  No, it’s even worse then: the service 
will became unmaintained even sooner than SKS did and sink into oblivion along 
with all the collected data, helping various ill-wishers to continue to spread 
rumours about PGP being a total fail.

> PGP Inc did the same thing and they failed; otehrs laucnhed such services too 
> in the last 20 years and they faile as well.

But actually there is a model, and it is very well known: embrace, extend and 
(optionally) extinguish.

Look at https://keybase.io — five years ago they started out exactly as a 
verifying keyserver, that was allowing you to attach your GitHub / Twitter / 
etc identity to your GPG key and confirm the connection.  Now they mainly 
presents themselves as a competitor of Slack (that’s a chat) and a ‘cloud’ data 
storage.

> No network effect, no success.  Thus the defaults matter.

So you formulate the point!  Now there are defaults, so there will be network 
effect.

> What would you think about changing the control of that very "walled-garden" 
> from a single person to another legal entity?  For example we have the 
> charitable GnuPG e.V.[1] with members being people from seeveral OpenPGP 
> projects.

I would be alarmed.  I actually _am_ alarmed.  Does it mean, that you, the 
GnuPG developers, are considering encouraging users to move to proprietary 
service too?

> It would be quite similar to what Tor is doing.

If so, I’m afraid, I am not familiar with Tor architecture.  I always thought, 
that there is no any data, that is collected from all users by a central 
authority to keep it secret.  Could you enlighten me, what data it is?

signature.asc
Description: PGP signature