looking up pgp keys
Phil Pennock
gnupg-devel at spodhuis.org
Tue Sep 10 04:06:05 CEST 2013
On 2013-09-09 at 20:40 -0400, Tim Prepscius wrote:
> Why aren't the results from the http://pgp.mit.edu:11371 signed with their key?
> They have an http request but there is no way I can tell if I've been mitm-ed.
>
>
> I should be able to ask each server I request from, the public key of
> the other servers, and then check the signature of each against each
> other
>
> ??
>
> Is this implemented and I'm missing it somehow?
Anyone can upload content to the public keyservers. I could, instead of
writing this email, use GnuPG to create an OpenPGP key which claims to
belong to:
Tim Prepscius <timprepscius at gmail.com>
and upload it.
Signatures securing links between keyservers don't matter, when *anyone*
can anonymously upload keys into a keyserver and let them propagate.
The security of the PGP keyservers is not from "being in the public
repositories" -- they're a collection of assertions that various people
make.
The security is because PGP inherently provides an object-level model of
security, where the items themselves should be sufficient for
establishing links. This is where the Web-of-Trust comes in. Given
user decisions of how much I trust, say, "Werner Koch" (as that identity
is expressed by one particular PGP key) to bother verifying identities
of people and the links between them and keys, I can trust the identity
assertions in keys which carry a uid signature from Werner. The link is
there from the signature already, I decide how much I trust signatures
from a particular key.
There is spam in the public keyservers. There are known bad keys, there
are known malicious keys. The continuing viability of public keyservers
is a reasonable thing to question. The loss of them would be a blow.
But the mere presence of a key in a public collection conveys no
inherent trust. There's more trust from `finger foo at example.org`,
because heck, at least faking the result would require a current active
attack. That's still not a lot of trust, but it is mildly suggestive
that a key might be a reasonable match to an identity (in the form of an
email/finger address), unlike being present in a public keyserver, which
is not suggestive at all.
-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: </pipermail/attachments/20130909/e934d25b/attachment.sig>
More information about the Gnupg-devel
mailing list