HKP client certificates (was: HKP keyservers over SSL)

David Shaw dshaw at
Fri Apr 3 15:26:05 CEST 2009

On Apr 3, 2009, at 8:46 AM, Werner Koch wrote:

> On Mon, 23 Mar 2009 18:56, dshaw at said:
>> communications, rather than the client to server communications.  The
>> catch, of course, is that given how the keyserver gossip protocol
>> works, a given keyserver pool must be willing to exclude everyone who
>> does not similarly use client certs.
> You will end up with the usual trust problem.  Why should a server  
> trust
> a user certificate?  Well, it would allow to actually implement the
> No-modify keyserver preference we set on new keys for ages.  But how
> shall this work for revocations?  A user without access to his secret
> key still needs a way to upload revocations.  PKIs used beyond a  
> closed
> user group just don't work.

I'm referring to the server to server communications, rather than the  
client (GPG) to server communications.  I.e. the SKS "gossip" protocol  
it uses to exchange keys internally.  I can see reasons why server A  
might want to authenticate server B before it allows it to contribute  
to the shared keyring.  The catch is as I stated: you need to be  
willing to exclude every server who doesn't use keys (and even gossips  
with those who don't use keys), which is a nonstarter.


More information about the Gnupg-devel mailing list