Keyservers and the future
Erwan David
erwan at rail.eu.org
Thu May 19 21:27:52 CEST 2005
On 19/05/05 21:15, Radu Hociung wrote:
> Hello all,
>
> I'm researching email authentication, and it looks like there is some
> promise in using cryptographic signatures. Currently there are hundreds
> of millions of domain names, and tens of millions of domain name owners.
>
> Depending on proposal, email authentication would require between 1
> key/domain owner and several keys per domain name (ie, between tens of
> millions and more than a billion new keys).
>
> One email authentication proposal is DomainKeys. There are others as
> well. DomainKeys stores the needed keys in the DNS system, but the DNS
> system is spoofable. Also, this key storage architecture does not allow
> for trust-signatures, as the key could easily grow in size past the
> maximum size of a DNS reply packet (512 bytes). In fact it appears that
> the average key length on the keyservers is around 1.2KB.
A key is nothing without a way to add a trusted relation between this
key and the entity you want to authenticate. So I do not think those
"solutions" are worthwhile. Either you accept mail only from people you
know, or you accept mail only from people who paid some established
company you have no other reason to trust than the fact this company is
"well known".
--
Erwan
More information about the Gnupg-users
mailing list