looking up pgp keys

Phil Pennock gnupg-devel at spodhuis.org
Tue Sep 10 04:06:05 CEST 2013


On 2013-09-09 at 20:40 -0400, Tim Prepscius wrote:
> Why aren't the results from the http://pgp.mit.edu:11371 signed with their key?
> They have an http request but there is no way I can tell if I've been mitm-ed.
> 
> 
> I should be able to ask each server I request from, the public key of
> the other servers, and then check the signature of each against each
> other
> 
> ??
> 
> Is this implemented and I'm missing it somehow?

Anyone can upload content to the public keyservers.  I could, instead of
writing this email, use GnuPG to create an OpenPGP key which claims to
belong to:

  Tim Prepscius <timprepscius at gmail.com>

and upload it.

Signatures securing links between keyservers don't matter, when *anyone*
can anonymously upload keys into a keyserver and let them propagate.

The security of the PGP keyservers is not from "being in the public
repositories" -- they're a collection of assertions that various people
make.

The security is because PGP inherently provides an object-level model of
security, where the items themselves should be sufficient for
establishing links.  This is where the Web-of-Trust comes in.  Given
user decisions of how much I trust, say, "Werner Koch" (as that identity
is expressed by one particular PGP key) to bother verifying identities
of people and the links between them and keys, I can trust the identity
assertions in keys which carry a uid signature from Werner.  The link is
there from the signature already, I decide how much I trust signatures
from a particular key.

There is spam in the public keyservers.  There are known bad keys, there
are known malicious keys.  The continuing viability of public keyservers
is a reasonable thing to question.  The loss of them would be a blow.

But the mere presence of a key in a public collection conveys no
inherent trust.  There's more trust from `finger foo at example.org`,
because heck, at least faking the result would require a current active
attack.  That's still not a lot of trust, but it is mildly suggestive
that a key might be a reasonable match to an identity (in the form of an
email/finger address), unlike being present in a public keyserver, which
is not suggestive at all.

-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: </pipermail/attachments/20130909/e934d25b/attachment.sig>


More information about the Gnupg-devel mailing list