Re: [Sks-devel] Wotsap (Was: sks in read-only mode?)

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Wotsap (Was: sks in read-only mode?)

From:	Linus Lüssing
Subject:	Re: [Sks-devel] Wotsap (Was: sks in read-only mode?)
Date:	Wed, 2 Nov 2011 11:15:02 +0100
User-agent:	Mutt/1.5.20 (2009-06-14)

Hi Kim Minh, hi Gabor,

On Wed, Nov 02, 2011 at 09:22:49AM +0100, Kiss Gabor (Bitman) wrote:
> > I'm actually mostly interested in creating one local database from
> > various key servers which I could use for wotsap. And to achieve
> > this, I wouldn't need any bidirectional peering, just
> > read-only access / unidirectional syncing would be fine for me,
> > right?
> 
> Hi Linus,
> 
> Do you plan a public service?
> It would be extreme useful because both pathfinders I know (*)
> use database of Swiss OpenPGP Keyserver (http://opks.keyserver.ch:11371/pks/)
> that is out of sync since several months (or even a year).
> Its status page says: database is corrupted.

Yeah. Hmm, I noticed that with the latest wotsapdb file from the wotsap
homepage I was seeing less trust paths than with pgp.cs.uu.nl. So
my intention was to build such a wotsapd file myself and to check
trust paths on my own without having to trust someone else.

I didn't plan to make that service publicly so far, that's why I
was asking whether there is something like a read-only mode for
sks. So that no one would have to trust me, so that I wouldn't
have to register my private keyserver anywhere. But still could
basically have a synced mirror of the current pki system though.

Anyway, if there is some interest in having another keyserver in
the whole system, I could probably set one up on a machine (not in
the datacenter though) in my university and let the according ports
be opened by the sysadmins. Are there any requirements for
availability?

Also I think I'm seeing a couple more issues with wotsap to
actually be useful for verifying the trust paths with it automatically
(maybe I'm wrong with some points though, just started looking at
it):
* wotsap does not use gpg to actually verify the signatures within
  the wotsapd file? (does sks check signatures before accepting
  them?)
* wotsap does not check trust signatures. And checking normal
  signatures for verifying a trust path does not really make sense
  to me (if I verify the ID of and sign person x with a normal
  signature, then this doesn't mean that I think that the
  signatures x makes are ok, as I probably might not even know
  that person)
* wotsap does not allow merging two wotsapdb files. So if I were
  able to verify and only have verified signatures within a
  wotsapd file, that if someone were somehow manipulating a / my
  pks or a public wotsapd file to have less signatures, that I
  could consult multiple sources then to make such an attack
  pretty much impossible.

Cheers, Linus

> 
> Regards
> 
> Gabor
> 
> * http://www.lysator.liu.se/~jc/wotsap/
>   http://pgp.cs.uu.nl/
> -- 
> Wenn ist das Nunstück git und Slotermeyer?
> Ja! ... Beiherhund das Oder die Flipperwaldt gersput.
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Wotsap (Was: sks in read-only mode?), Kiss Gabor (Bitman), 2011/11/02
- Re: [Sks-devel] Wotsap (Was: sks in read-only mode?), Linus Lüssing <=

Prev by Date: [Sks-devel] Wotsap (Was: sks in read-only mode?)
Next by Date: Re: [Sks-devel] 3 million keys & and community help requested
Previous by thread: [Sks-devel] Wotsap (Was: sks in read-only mode?)
Next by thread: [Sks-devel] Fwd: How SKS works (was Re: SKS: The synchronizing keyserver)
Index(es):
- Date
- Thread