Keyservers and the future

Erwan David erwan at rail.eu.org
Thu May 19 21:27:52 CEST 2005


On 19/05/05 21:15, Radu Hociung wrote:
> Hello all,
> 
> I'm researching email authentication, and it looks like there is some
> promise in using cryptographic signatures. Currently there are hundreds
> of millions of domain names, and tens of millions of domain name owners.
> 
> Depending on proposal, email authentication would require between 1
> key/domain owner and several keys per domain name (i.e., between tens of
> millions and more than a billion new keys).
> 
> One email authentication proposal is DomainKeys. There are others as
> well. DomainKeys stores the needed keys in the DNS system, but the DNS
> system is spoofable. Also, this key storage architecture does not allow
> for trust-signatures, as the key could easily grow in size past the
> maximum size of a DNS reply packet (512 bytes). In fact it appears that
> the average key length on the keyservers is around 1.2KB.


A key is nothing without a way to add a trusted relation between this
key and the entity you want to authenticate. So I do not think those
"solutions" are worthwhile. Either you accept mail only from people you
know, or you accept mail only from people who paid some established
company you have no other reason to trust than the fact this company is
"well known".


-- 
Erwan


