Keyservers and the future

Radu Hociung radu.gpg at ohmi.org
Thu May 19 21:15:19 CEST 2005 

Hello all,

I'm researching email authentication, and it looks like there is some
promise in using cryptographic signatures. Currently there are hundreds
of millions of domain names, and tens of millions of domain name owners.

Depending on proposal, email authentication would require between 1
key/domain owner and several keys per domain name (ie, between tens of
millions and more than a billion new keys).

One email authentication proposal is DomainKeys. There are others as
well. DomainKeys stores the needed keys in the DNS system, but the DNS
system is spoofable. Also, this key storage architecture does not allow
for trust-signatures, as the key could easily grow in size past the
maximum size of a DNS reply packet (512 bytes). In fact it appears that
the average key length on the keyservers is around 1.2KB.

Different proposals seek to authenticate different parts of the mail
exchange:

- SMTP session
- email headers
- email body

Currently a relatively small population uses PGP to sign the message
body (There are currently < 2.2million keys on the public keyservers).
If email authentication was implemented, the majority of mail traffic
would be signed and verified. This means many more keys need to be
stored on the keyservers. Also, it would require billions of queries to
keyservers during the verification phase(s). Even with locally cached
keys, there would still be lots of queries looking for revocation
information.

This creates the following questions:

1. If future email authentication standards require use of cryptography
(signatures), what is the most scaleable way to distribute and manage
keys? Does OpenPGP have a role to play here?

2. If it became standard for email to be authenticated in some manner,
would the PGP keyserver or a similar architecture based on
synchronization, etc, be a scaleable enough architecture to use?

I know there is some work being done on two next generation keyservers,
CKS and OpenPKSD, and I would like to ask a second question:

3. What is the state of the art in next-generation keyservers, and how
far are we from the 1-billion key capability ? Are the current projects
active still?

4. Are the public keyservers even the right place to look for email
authentication key storage ? Are there other better ideas that should be
explored?

Thank you kindly for any input or comments.
Radu Hociung.

More information about the Gnupg-users mailing list