Keyservers and the future

[Radu Hociung]

Bill Thompson wrote:
> On Thu, 19 May 2005 18:29:30 -0400
> Radu Hociung <radu.gpg at ohmi.org> wrote:
> 
> 
>>The object of trust, however, is a key. Without a key there isn't much
>>to be trusted. The question is ... is the PGP architecture suited to a
>>load of hundreds of millions of keys, or even billions?
>>
>>Are CA's and X509 certificates better equipped to handle the load?
> 
> 
> I think that the PGP "web of trust" may be better suited to this that
> X509/CA's due to the fact that many signatures can be added to one key.

It is exactly this argument that makes me believe PGP to be a better
mechanism.

A few other advantages also.

> I know that the next step in the argument is how can you trust the chain?
> If I sign Alice's key, and she signs Bob's key, does that mean I now trust
> everything signed by Bob?

Perhaps I should explain at least one of the email authentication protocols:

DomainKeys, for instance, works at the transport level. Somewhat like
SSH, where the client and server use one key to encrypt the datastream,
but a different key is used by the user to actually authenticate and log
in. DomainKeys does not encrypt the channel, but it only signs it (it
signs a subset of the message headers as well as the body of the
message). If a recipient domain trusts Yahoo's keys, he can assert that
the mail really came from the Yahoo domain. This is a per-domain
signature, not per-user.

Once a domain (bob.com) trusts that the signing key belongs to the other
domain (alice.com), then it can identify email that genuinely comes from
alice.com. This does nothing more than prevent domain forgeries, as an
attacker forging the alice.com domain.

So, while Charlie at alice.com and David at bob.com don't know or trust each
other, they can be sure that the mail they received really came from the
alice.com domain or the bob.com domain. And it really is the two mail
servers that trust each other, while the users of each domain trusts
that the mail they receive will not be impersonating a different domain.

In this way, DomainKeys-type of technology can ensure that domain name
forgeries do not happen. It would eliminate phishing attacks from
paypal.com and the banks. Of course, how bob.com came to trust
alice.com's domain key is still a problem. Perhaps a trust broker will
be proposed. The problem of trust management may not be as
insurmountable as the problem of reliably detecting spam and phishing
attacks with 100% accuracy.

As the name implied, DomainKeys provides domain-to-domain
authentication, as opposed to applications like Enigmail which provide
user-to-user authentication. It works out that domain-to-domain
forgeries make up a large amount of the current spam and fishing problem
that we're encountering.

I'm not claiming that DomainKeys is the best, but it shows one valid way
that email authentication could be done. Better protocols are in the
pipeline, but sooner or later they all need to publish a key.

Also, there is no claim that DomainKeys eliminates spam. A spammer
domain could have a trusted domain key. Or, mail send by a Yahoo (main
DomainKeys proponent) user could be spam. Mail authentication only
allows one to pinpoint exactly where the spam or ham is coming from,
instead of guessing as is done currently. Thus it is hoped that email
authentication will bring a significant improvement in spam detection
accuracy rates.

That's why I am asking the question: could PGP cope if all, or a
significant proportion of all domains were to enable some kind of email
transport authentication?

Also, there are some competing standards being discussed, each with
their own advantages and disadvantages, and it is likely that a domain
may support one or several mail authentication methods, and perhaps
require several public keys.

I agree that there are challenges to implementing any kind of email
authentication standard, but I would like to find out the extent to
which key storage and distribution is one of those challenges. PGP is a
possible solution, but the PGP keyserver seems to not be as scalable as
necessary to be specified as supporting technology for something as
widespread as email.  So the question is... can PGP be a viable support
technology, and/or is the development of it heading in a direction that
makes it a candidate for email authentication?

I have also noticed that while there was a surge of PGP keys in the
90's, there are comparatively few keys being uploaded to the public
servers in recent years. I do wonder why?

Thanks,
Radu.