looking up pgp keys

Hauke Laging mailinglisten at hauke-laging.de
Thu Sep 12 16:10:53 CEST 2013


On Thu 12.09.2013, 09:53:07, Robert J. Hansen wrote:
> On 9/11/2013 9:20 PM, Hauke Laging wrote:
> > If the WoT is ever to be taken seriously (the obvious comparison is the
> > signature law with its requirements for CAs) then this MUST be(come) the
> > server's responsibility.
> 
> Why?

The answer is above. An unreliable system is unacceptable from a legal 
perspective.


> There is no requirement that
> people update the keyservers when they change their certificate.  Nor
> could such a requirement possibly ever be enforced.

I am not talking about the users but about the keyservers. It's perfectly OK 
for a user not to care about his key. Of course, he is liable for the damage 
caused by that (this is not special to crypto but the case everywhere in 
life). But the public must be capable of proving that he didn't.


> > On the other hand you must be capable of proving that you have revoked
> > your key at a certain date (and time).
> 
> Requires a trusted third party to do timestamping.

It's enough that the keyserver does the signing.


> > We need a much better keyserver infrastructure before the OpenPGP user
> > numbers explode...
> 
> I've been hearing "we must do X before OpenPGP takes off" for the past
> 20 years.  After seeing many, many Xes go by, I'm deeply skeptical of
> this claim.

This may be a language problem. My statement was not meant as cause and result 
("If we improve the keyservers then we will as a result of that see a big 
increase in OpenPGP users.") but as a warning: The numbers will explode 
anyway (even if GnuPG and the keyserver software don't change at all) but we 
will run into problems if we do not manage to improve the keyserver software 
in time.

So you are welcome to be skeptical but about the right claim, please... ;-)


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

More information about the Gnupg-devel mailing list