HKP client certificates (was: HKP keyservers over SSL)
David Shaw
dshaw at jabberwocky.com
Fri Apr 3 15:26:05 CEST 2009
On Apr 3, 2009, at 8:46 AM, Werner Koch wrote:
> On Mon, 23 Mar 2009 18:56, dshaw at jabberwocky.com said:
>
>> communications, rather than the client to server communications. The
>> catch, of course, is that given how the keyserver gossip protocol
>> works, a given keyserver pool must be willing to exclude everyone who
>> does not similarly use client certs.
>
> You will end up with the usual trust problem. Why should a server trust
> a user certificate? Well, it would allow us to actually implement the
> No-modify keyserver preference we set on new keys for ages. But how
> shall this work for revocations? A user without access to his secret
> key still needs a way to upload revocations. PKIs used beyond a closed
> user group just don't work.
I'm referring to the server to server communications, rather than the
client (GPG) to server communications. I.e. the SKS "gossip" protocol
it uses to exchange keys internally. I can see reasons why server A
might want to authenticate server B before it allows it to contribute
to the shared keyring. The catch is as I stated: you need to be
willing to exclude every server who doesn't use keys (and even gossips
with those who don't use keys), which is a nonstarter.
David
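An added illustration of the point made above, not code from the thread or from SKS: a small model of a gossip pool in which some servers present a client certificate and some also require one from their peers. Key material submitted to an unauthenticated server reaches an authenticating server as soon as one certified peer is willing to gossip with the unauthenticated one, so authenticating your own peers is not enough unless every server in the reachable set does the same. The server names, the `has_cert`/`requires_cert` flags and the pool topology are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Server:
    """A keyserver in a gossip pool (constructed model, not SKS internals)."""
    name: str
    has_cert: bool                      # presents a client cert when gossiping
    requires_cert: bool                 # accepts gossip only from certified peers
    peers: list = field(default_factory=list)


def accepts(receiver: Server, sender: Server) -> bool:
    """A receiver takes key material from a peer unless it requires a cert
    and the peer cannot present one."""
    return sender.has_cert or not receiver.requires_cert


def contributors(pool: dict, target_name: str) -> set:
    """Every server whose submissions can flow into `target` through gossip.

    Walk outward from the target; a peer's keys reach the node we are at
    only if that node accepts the peer, and the peer's own upstream is then
    subject to the peer's policy, not the target's."""
    target = pool[target_name]
    seen = {target_name}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for peer_name in node.peers:
            peer = pool[peer_name]
            if peer_name not in seen and accepts(node, peer):
                seen.add(peer_name)
                queue.append(peer)
    return seen


def unauthenticated_contributors(pool: dict, target_name: str) -> set:
    """Contributors that never authenticated to anyone in the chain."""
    return {n for n in contributors(pool, target_name) if not pool[n].has_cert}


def build_pool(strict_b: bool) -> dict:
    """Constructed three-server pool: A -- B -- C.

    A holds a cert and demands one. B holds a cert; whether it demands one
    from its own peers is the parameter. C has no cert at all."""
    a = Server("A", has_cert=True, requires_cert=True, peers=["B"])
    b = Server("B", has_cert=True, requires_cert=strict_b, peers=["A", "C"])
    c = Server("C", has_cert=False, requires_cert=False, peers=["B"])
    return {s.name: s for s in (a, b, c)}


if __name__ == "__main__":
    for strict in (False, True):
        pool = build_pool(strict_b=strict)
        print(f"B requires certs: {strict!s:5}  "
              f"unauthenticated keys reaching A: "
              f"{sorted(unauthenticated_contributors(pool, 'A'))}")
```

With `strict_b=False`, A authenticates B but still receives whatever C pushed to B, so A's policy bought nothing; with `strict_b=True`, C is cut off, which is exactly the exclusion the message describes as a nonstarter for a real pool.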
More information about the Gnupg-devel mailing list