looking up pgp keys

Phil Pennock gnupg-devel at spodhuis.org
Thu Sep 12 06:25:42 CEST 2013

Hash: RIPEMD160

On 2013-09-12 at 03:20 +0200, Hauke Laging wrote:
> If the WoT is ever to be taken seriously (the obvious comparison is the 
> signature law with its requirements for CAs) then this MUST be(come) the 
> server's responsibility. If you cannot know (in a way you can prove) whether 
> the information you get from the server is the current state of the 
> certificate then the information is close to useless.

So who or what are you wanting to trust, and under what circumstances?

The moment you start talking about compliance with signature law, I
infer that you expect the keyservers to be liable for any malicious data
present, even if validation has occurred but the attacker worked to
deceive multiple people to get their data in.  If this happens, I for
one will stop running a public keyserver: I'm not taking on public
liability for the actions of others, which I can't prevent, and with the
liability being to a public which is too often misled by persuasive
idiots who don't understand the basic principles of the components
they're talking about.

The most forgiving interpretation is that you want the server operators
to have performed some kind of filtering, but still accept
responsibility for trust verification yourself.  This is a recipe for
the filtering-by-others being "good enough" for people who don't
understand what's happening, and then again we're back to lawsuits when
reality shows that the filtering would never be complete.  It would
never be complete because there's no true definition of what should be
filtered out.  At the most simple level: "Are pseudonyms allowed?"

Please, please don't bring laws into this if you want to continue to
benefit from a public service provided for free by volunteers.

> We need a much better keyserver infrastructure before the OpenPGP user numbers 
> explode (which I claim for the next five years as I am very actively working 
> on that. I have given a lecture about OpenPGP at the German BSI last month and 
> even without me bringing this up they mentioned that something had to be done 
> about the keyserver situation. Thus I hope they will throw some money at that.

Since you're actively working on this, I welcome constructive
suggestions on how to improve matters.  Some basics for what I consider
necessary in a suggestion for it to be constructive:

 1. It outlines what the proposal considers broken in the existing
 2. Has a real actionable proposal for a technical behaviour;
 3. The proposal in 2 would truly fix point 1;
 4. The proposal does not add liability onto volunteers;
 5. The proposal does not work to make it impossible for people to
    provide a free public service, by constructing or preferentially
    facilitating a regime in which only nation-state favoured operators
    are able to safely provide the service without fear of retribution;
 6. The proposal does not give any nation, or treaty-established body,
    the authority to decide which keys are permitted to exist or which
    users are permitted to have privacy; (for the rationale for
    'treaty-established body', look up "policy laundering");
 7. The proposal does not lock in a favoured set of users.

Some thoughts on things that might help:

A keyserver pool which only contains keys in the strong set prevents
people attending keysigning parties from being able to get their keys
signed, so on its own does not work.  Setting up keyserver pools
containing only keys in the strong set, automatically pulling from the
complete pull, would let folks normally use the strong-set keyserver
pool and only reference the complete one when actively in a frame of
mind in which they're considering how to verify a key.

Automatically discarding from indices any key which hasn't had a new
self-signature in the past five years.  The key can still be present,
but the index and search don't need to report it by default.  If your
key disappears and has just been dormant, then issue a new self-sig on
your key and re-push it.  (Using "any signature" would let Eve
maliciously keep Alice's old key alive.)

Setting up restricted keyserver pools, based on local national
frameworks for notaries, is in theory a reasonable thing, provided that
the legal basis for this does not penalize the international pools.  The
trouble would be in ensuring that penalization doesn't come later.  I'm
sceptical that this could be safely done: too many people profit from
creating national ghettos to keep the unwashed masses in line.

- -Phil


More information about the Gnupg-devel mailing list