Biglumber Keyserver (was: Global Directory signatures)

Randy Burns minnesotan at runbox.com
Fri Dec 31 16:29:47 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --- Greg Sabino Mullane <greg at turnstep.com> wrote:

> I've been working on this problem for a while, and finally had
> a chance during this past break to hash out some final issues.
> I'm going to be expanding biglumber soon into a "real"
> keyserver. However, it's going to be a little different from
> other keyservers. The main difference is that the owner of a
> key will have complete control of their public key. This means
> that (for example)

> - --recv-key will work, but --send-keys may* not.

> If you want to make a change to your public key, you must
> authenticate (currently via web/email, but either alone
> someday). In addition, the keyserver will only have entries
> from people who are either in the strong set or who have added
> their key to biglumber directly. I consider the fact that
> anyone can upload another person's changed public key to a
> keyserver a potential Denial of Service, and thus will not
> allow it.

> * Keys in the strong set will be allowed to be updated
> "anonymously" until such time as the owner logs in to
> biglumber, at which point it switches over to a "owner update
> only" key.

- ---------------------------------------------------------
gpg: Signature made 12/31/2004 01:20:13  using DSA key ID
14964AC8
gpg: Good signature from "Greg Sabino Mullane
<greg at turnstep.com>"
gpg: WARNING: This key is not certified with a trusted
signature!
gpg:          There is no indication that the signature belongs
to the owner.

Primary key fingerprint: 2529 DF6A B8F7 9407 E944  45B4 BC9B
9067 1496 4AC8

Time: 12/31/2004 9:09:03 AM (12/31/2004 3:09:03 PM UTC)
- ---------------------------------------------------------

It sounds like a great resource for PGP/GPG users everywhere,
but what about the costs--bandwidth, bug tracking, and time
communicating with "customers"? Maybe bandwidth is not much of
an issue with PGP keyservers--I don't know. But, I like to see
people get paid for their work, and their time educating users.

No good deed goes unpunished. :-)

Good Luck, Randy



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGshell v3.23
Comment: public key: www (dot) randyburns (dot) org

iD8DBQFB1W72O1wFkBRYxW8RAvobAJ0bQIa5q1YToQ2gvUoH733bDr4OSwCdHA1+
6rszMjav2/xtk4mSGnXyZsk=
=SE2Q
-----END PGP SIGNATURE-----





More information about the Gnupg-users mailing list