looking up pgp keys
Hauke Laging
mailinglisten at hauke-laging.de
Thu Sep 12 14:50:14 CEST 2013
Am Mi 11.09.2013, 21:25:42 schrieb Phil Pennock:
> So who or what are you wanting to trust, and under what circumstances?
This is less about trust and more about proof. To make this clear: It is also
not about making regulations for existing keyservers. I want a widely used
keyserver software to offer (not force) the necessary features so that e.g.
mail providers can easily decide to set it up for their domains. The
responsibility to mark such a reliable keyserver as preferred keyserver would
be up to the user.
> The moment you start talking about compliance with signature law, I
> infer that you expect the keyservers to be liable for any malicious data
> present, even if validation has occurred but the attacker worked to
> deceive multiple people to get their data in.
I am not talking about data at all. I am talking about a proof: "This is what
this key looked like on this keyserver at this time." Checking the data would
be a different feature.
> liability being to a public which is too often misled by persuasive
> idiots who don't understand the basic principles of the components
> they're talking about.
Indeed, the general knowledge level is really bad. Thus I have started this
some time ago (German only, though):
http://www.openpgp-schulungen.de/fuer/webautoren/
I read articles about OpenPGP on the web and try to correct them. One problem
is though: Often articles are bad not only due to real errors but due to the
lot of stuff they don't mention...
> The most forgiving interpretation is that you want the server operators
> to have performed some kind of filtering,
I do want the technical possibility for filtering (you give the reason for
that yourself later in the mail) but that is a completely different feature.
Filtering does not have any relevant relation to the state of a key at a given
point in time.
> lawsuits
> reality shows that the filtering would never be complete. It would
> never be complete because there's no true definition of what should be
> filtered out.
The whole offline world does not work by "true definitions". It works by
imprecise definitions and people complaining. The moment someone says "I want
that removed" you can either accept that and remove it (and maybe inform the
one who caused the content) or take it to court. That's the case for web sites
and everything. Why should keyservers be handled differently? What we need
(and are going to get) is a simple but obligatory system by which someone can
make such claims (and can be held responsible for making such claims).
> Please, please don't bring laws into this if you want to continue to
> benefit from a public service provided for free by volunteers.
As I said: I do not want to force anyone to offer the technical abilities. But
for the filtering: As you (indirectly) mention yourself later the legal
situation in Germany and probably more or less everywhere in the civilized
world is already that you must filter. If you don't then you may run into
trouble if somebody complains. Being a volunteer is nice but does not relieve
you from general legal duties. It doesn't with webservers why should it with
keyservers?
Thus my demand for filtering (as a different feature than the one I started
talking about) is not to trigger legal problems but to solve those which are
already where.
> 1. It outlines what the proposal considers broken in the existing
> system;
Didn't I?
> 2. Has a real actionable proposal for a technical behaviour;
The keyserver must frequently offer a direct or (for performance reasons)
indirect signature for each key showing the state of the key at the time of
the signature.
> 3. The proposal in 2 would truly fix point 1;
yeah
> 4. The proposal does not add liability onto volunteers;
You are sure that you don't mix up "constructive" with "convenient for me"...?
> 5. The proposal does not work to make it impossible for people to
> provide a free public service
yeah
> 6. The proposal does not give any nation, or treaty-established body,
> the authority to decide which keys are permitted to exist or which
> users are permitted to have privacy; (for the rationale for
> 'treaty-established body', look up "policy laundering");
yeah (But: The existing law already defines that.)
> 7. The proposal does not lock in a favoured set of users.
yeah
> A keyserver pool which only contains keys in the strong set
I guess what we will see is not that but keyservers which serve certificates
for their domains only. This solves the scaling problem: Those with millions
of email addresses do have the necessary resources for keyservers on that
scale.
> Setting up restricted keyserver pools, based on local national
> frameworks for notaries, is in theory a reasonable thing, provided that
> the legal basis for this does not penalize the international pools.
Usually you don't have to care about the law in countries other than yours.
Though we already had a counterexample for that: The braindead European Union
decided years ago that people should (as a side effect) be held reliable for
things that are illegal in another country only. The German constitutional
court was required to intervene in order to stop this bullshit. Turned out
very embarrassing for the federal government (which the stupid people happily
reelect though...).
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130912/439d745d/attachment.sig>
More information about the Gnupg-devel
mailing list