HKP keyservers over SSL

Fabian Keil freebsd-listen at
Sat Mar 28 18:11:53 CET 2009

David Shaw <dshaw at> wrote:

> On Fri, Mar 13, 2009 at 09:22:16PM +0100, Werner Koch wrote:
> > What we want is to make it harder to see what keys are fetched from the
> > keyserver: Obviously that should be done with TLS and we need to
> > authenticate the server to avoid MITM attacks.  For the latter we have
> > several options:

> >   5. Forget about this all and implement it properly using an anonymizer
> >      service.  That service needs to batch up queries and insert dummy
> >      queries.  Should not be to hard to get this implemented in TOR.

> > The more I think about it, option 5 (enhanced TOR) looks more and more
> > promising.  The basic question is why to come up with a limited
> > anti-surveillance mechanism if we could get a strong one as well.  I am
> > pretty sure that a few years after the major keyservers will speak TLS,
> > real anonymity will be requested and then we can start from scratch.
> Personally, I like both options 1 and 5.  I like the TOR idea (5) a
> lot.  It's a clever way to work around some of the limitations of a
> public keyserver network.  In the immediate sense, however, I see no
> reason to not support some of the other options as well.  A
> TLS-wrapped hkp (1) does not affect a TOR implementation (and can, in
> fact, be used with a TOR implementation), and gives protection against
> casual snooping by a third party of which keys are being requested.

If the keyserver is properly setup as a location hidden
service, no third party should be able to snoop:

In related news, it would be great if more keyservers
were (additionally) reachable as location hidden services.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: </pipermail/attachments/20090328/2aad06c9/attachment.pgp>

More information about the Gnupg-devel mailing list