HKP client certificates (was: HKP keyservers over SSL)
Werner Koch
wk at gnupg.org
Fri Apr 3 14:46:32 CEST 2009
On Mon, 23 Mar 2009 18:56, dshaw at jabberwocky.com said:
> communications, rather than the client to server communications. The
> catch, of course, is that given how the keyserver gossip protocol
> works, a given keyserver pool must be willing to exclude everyone who
> does not similarly use client certs.
You will end up with the usual trust problem. Why should a server trust
a user certificate? Well, it would allow us to actually implement the
No-modify keyserver preference we have set on new keys for ages. But how
shall this work for revocations? A user without access to his secret
key still needs a way to upload revocations. PKIs used beyond a closed
user group just don't work.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.