HKP client certificates (was: HKP keyservers over SSL)

Werner Koch wk at
Fri Apr 3 14:46:32 CEST 2009

On Mon, 23 Mar 2009 18:56, dshaw at said:

> communications, rather than the client to server communications.  The
> catch, of course, is that given how the keyserver gossip protocol
> works, a given keyserver pool must be willing to exclude everyone who
> does not similarly use client certs.

You will end up with the usual trust problem.  Why should a server trust
a user certificate?  Well, it would allow to actually implement the
No-modify keyserver preference we set on new keys for ages.  But how
shall this work for revocations?  A user without access to his secret
key still needs a way to upload revocations.  PKIs used beyond a closed
user group just don't work.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list