Request for Discussion: new/PubKeyDistributionConcept/FallbackServer

Werner Koch wk at
Tue Jun 14 20:13:57 CEST 2016

On Tue, 14 Jun 2016 17:34, neal at said:

> This is where we disagree.  I think it will be harder to get MSPs to
> upgrade, because they will say something like: hey, we already have
> the solution that you wanted!  And, this new one only adds additional

The problem is that CONIKS is an entirely new system with many open
questions.  What they have is a prototype but zero experience with
deployment.  Further, CONIKS is an entirely new service to deploy which
requires new infrastructure (servers, HSMs, failure procedures, and so
on) and requires the involvement of several departments at an ISP.

I got from a large provider a quote of 200kEUR of internal costs for
setting up that simple and standard Web Key Directory method.  How much
do you think will it need to deploy an entirely new service which has
only a Java prototype implementation right now and is missing the parts
of the protocol.

> malicious.  See google's fight to get CAs to implement certificate
> transparency.

Well, if you want to call a heavyweight against a flyweight a fight ;-)



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: */

More information about the Gnupg-devel mailing list