Request for Discussion: new/PubKeyDistributionConcept/FallbackServer

Neal H. Walfield neal at
Tue Jun 14 17:34:39 CEST 2016

On Tue, 14 Jun 2016 17:14:27 +0200,
Werner Koch wrote:
> On Tue, 14 Jun 2016 15:29, neal at said:
> > So, no, WKD is not add a "medium" amount of validity to the key.  In
> I fully agree.
> > Note: it would be possible to save this scheme if we augmented WKD
> > with something like Coniks [1], but Werner doesn't like this, because
> > it adds complexity and will take too much time to implement and we
> Nope, I like it but know how hard it will be to deploy certificate
> transparency for offline protocols out of the blue.

I think that is what I said: you don't like it *because* of the
required effort.

> First things first: we need to tackle the problem that keyservers are
> not anymore useful to find the key for a given mail address.  Thus we
> need to _deploy_ a system for reliable key discovery.  Then, while the
> TLAs are busy locating budgets for mass intrusion into computers, we
> start to deploy a monitoring system to detect malicious mail providers.
> And we need to hope that on the political edge data sabotage by TLAs
> will be prevented.

This is where we disagree.  I think it will be harder to get MSPs to
upgrade, because they will say something like: hey, we already have
the solution that you wanted!  And, this new one only adds additional
complexity, but it increases their liability, because it can be proven
that they either didn't take care of their systems or they were
malicious.  See google's fight to get CAs to implement certificate

:) Neal

More information about the Gnupg-devel mailing list