key question

Sat Feb 27 17:22:27 CET 2010

On 2/27/10 9:58 AM, David Shaw wrote:
> Do you really mean to suggest that a US authority getting email 
> headers - even without a warrant - is easier than typing a name into 
> a search box on a keyserver?

No.  You're right, that's clearly easier.  However, that only tells you
whether someone has the technical capability to use encryption -- much
the same way that a shotgun in my closet tells you I have the technical
capability to commit murder.

Generally speaking, law-enforcement is much more interested in whether a
capability is exercised than if a capability exists.  Checking the
keyserver network reveals the capability; it doesn't reveal if it's been
exercised.

As a result, the possibility of law-enforcement officers checking the
keyserver network doesn't seem to be a strong argument against the use
of the keyserver network.

The major exception is if you live in a jurisdiction where possession of
crypto is itself a criminal offense.  If you live in Cuba and you're
using GnuPG, then you should not have your key on the servers and you
have a perfectly reasonable fear about people uploading your key there.

> In any event, Rob, could you do me a huge favor and clarify what 
> statement you are trying to make here?  Jumping into a mail thread 
> late is always fraught with misunderstanding, but, I've re-skimmed 
> the thread, and I'm honestly still not sure what you're trying to 
> say.

His position seems to have shifted.  At some points he's said,

"What's not to agree with in my statement that not everybody wants to
put their keys on the keyservers?"

I fully agree with this.  However, he also seems to be advocating the
advice of "generally speaking, it's a good idea to put keys on the
keyservers" be changed to "generally speaking, it's not a good idea to
share public keys without the key owner's explicit permission."

This is a pretty big change in the conventional wisdom.  Before I'll
sign on to that I'll have to see some strong reasoning, and I haven't.

> It seems (and I could be utterly wrong), that MFPA is saying "Not 
> everyone wants their key on the keyservers, so please don't 
> automatically send other people's keys there.  If the key owner
> wants the key on the keyservers, he'll send it himself."

MFPA has made it clear his objection applies to any kind of sharing of
public keys without the owner's consent.  It's not limited to the
keyserver network.  He considers it the equivalent of passing on
someone's home address to a complete stranger.  ("I would no more
deliberately publish somebody's key without their consent than I would
pass on their phone number or address.")

For myself, I do not send keys up to servers without first checking it
with the recipient.  This seems like good manners to me.  However, I
don't view it as mandatory and I don't think we should view it as the
appalling breach of morality that MFPA seems to.

> "This is not based on good logic as I see it, and therefore....
> (something)."   What's the "(something)"?

That the status quo ante is upheld.  Status quo ante being, "the
keyservers are generally a good idea, and generally speaking they should
be used, and people should expect their public keys will wind up on them
sooner or later, either through their direct action or through the
accidents of others."

It is not universally applicable advice, but I think that as far as
general advice goes it's pretty good.