looking up pgp keys

Phil Pennock gnupg-devel at spodhuis.org
Mon Sep 9 08:12:58 CEST 2013


On 2013-09-08 at 21:53 -0400, Tim Prepscius wrote:
> So I'm writing this secure e-mail web system.
> I'm currently integrating pgp for end to end security.

What is your threat model?  Who and what attacks are you protecting
against?  What do you mean by "security" in this context?

> Does anyone have any thoughts on this issue?

Yes; I'm going to assume that various news items of the past few months
are a motivating factor in your work and thus that trace data privacy is
one of the concerns.  I'll also assume that you're accepting leaking of
"someone in domain Foo is (or wants to) talk to someone in domain Bar"
and that you understand the anonymity of crowds in such a security
model.

Note that most recipient mail-servers will not also run PGP keyservers.
If you want that approach to take off, I suggest figuring out a DNS
scheme for asking for SRV records _mail-openpgp._tcp.example.org or
somesuch.  The details don't matter.  If you mandate TLS and sort out
naming/identity issues then that also gives you federated-level privacy
as to who the communicants within the domains are.  A snooper still
knows which domains you're talking to, but they'd know that anyway from
the DNS traffic you send out and then a correlation from the SMTP
connection before you set up TLS. 

If you want to talk to some selection of PGP keyservers, then how do you
decide which to talk to?  How do you establish trust?  The public PGP
keyserver pools are a convenience, but if you use them then you're
sacrificing privacy about who you wish to communicate with.  If the NSA
is not running at least one PGP keyserver in the SKS pool, then they're
slipping.  *Best* case for privacy is that a non-NSA person with a
security clearance runs a keyserver with a code modification to hide
some peers, and so provides a hidden gateway for sending copies of key
updates into the NSA, without the NSA actually tracking who is asking
for PGP keys.  Somehow, that regard for communicant privacy does not
seem to match the current narrative around the NSA.

If you care about privacy and making any meaningful assertions, you run
keyservers yourself, peer into the public pool, and point your clients
only at the keyservers which *you* run and which you hope you can
meaningfully vouch for.


Regards,
-Phil
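
Added example, not part of the original message: a Python sketch of the SRV-based keyserver discovery suggested above. The `_mail-openpgp._tcp` label comes from the message; the function names, the sample records and the choice to emit only hkps:// (HKP over TLS) URLs as the way to mandate TLS are assumptions, and record ordering follows RFC 2782.

```python
import random

SERVICE = "_mail-openpgp._tcp"  # label suggested in the message; not a registered service

def srv_query_name(address):
    """Map a recipient address to the SRV owner name to query."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    # Only the domain reaches DNS; the local part stays out of the query.
    return "%s.%s." % (SERVICE, domain.lower().rstrip("."))

def order_srv(records, rng=None):
    """Order (priority, weight, port, target) tuples per RFC 2782."""
    rng = rng or random.SystemRandom()
    # A single record whose target is "." means the service is not offered.
    if len(records) == 1 and records[0][3] == ".":
        return []
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Lowest priority value first; weight-0 records lead each group.
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:  # weighted choice within the priority
                    ordered.append(group.pop(i))
                    break
    return ordered

def keyserver_urls(records, rng=None):
    """Return hkps:// URLs to try in order; never a cleartext hkp:// URL."""
    return ["hkps://%s:%d" % (target.rstrip("."), port)
            for _prio, _weight, port, target in order_srv(records, rng)]

# Constructed sample answer for _mail-openpgp._tcp.example.org.
SAMPLE = [
    (20, 0, 443, "keys-backup.example.org."),
    (10, 60, 443, "keys1.example.org."),
    (10, 40, 443, "keys2.example.org."),
]

if __name__ == "__main__":
    print(srv_query_name("alice@example.org"))
    print(keyserver_urls(SAMPLE))
```

The query name carries only the recipient's domain, which matches the leak the message accepts: an observer of the DNS traffic learns which domain is being contacted, not which user.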


