key question

Sat Feb 27 21:23:25 CET 2010

On Feb 27, 2010, at 3:02 PM, David Shaw wrote:

> Much as the email headers do in your example.  If the mail is not encrypted, the headers just show that it might be.  In practice, headers won't show much as the majority of modern mail programs have the capability for encryption of one sort or another, even without add-ons.  It's rarely exercised, of course.

Yes and no.  I think the presence of an Enigmail header, for instance, is probably more indicative of encrypted traffic than just someone's key being present on a server.  Still, this is kind of a side show.  What started this was MFPA's contention that just by having your key on the keyserver network you could be bringing yourself to the attention of government investigators.

When a murder victim is found, the police start looking for the murder weapon.  They don't start by looking at all possible murder weapons and hope to find a murder victim nearby.  Likewise, if the police find encrypted traffic on a suspect's laptop they will begin to search for the originator of the traffic.  They're not likely to start by rounding up the usual suspects found by harvesting the key server.

There are exceptions to this rule.  I mentioned Cuba, where possession of crypto is itself a crime (or was, last I heard: if there are any Cubans on the list, I would love to know if this is still true).  That said, exceptions to a rule are expected -- there are few rules so general they do not admit exceptions.

> I agree that "generally speaking, it's a good idea to put keys on the keyservers".  I don't know if that makes it conventional wisdom, or who the arbiter of such wisdom might be, but clearly a very common use of OpenPGP is for encrypted mail.

I likewise have suspicions and doubts about conventional wisdom.  (You could just as easily say, "conventional wisdom is that you can tell a lot about someone by the signatures on their key" -- I can see an argument being made for that being conventional wisdom.  It's *wrong*, but that doesn't keep it from being conventional wisdom.)

However, on the scale of conventional wisdom, where on one end there's "never get involved in a land war in Asia" and "never go against a Sicilian when death is on the line," [1] and on the other there's "the signatures on a key tell you a lot about a person", I think the conventional wisdom of "generally speaking, it's a good idea to put keys on the keyservers" is closer to the former category than the latter.  :)

Admittedly, I am no arbiter of what's conventional wisdom.  The preceding is just my own personal interpretation of what prevailing CW is.

[1] http://www.imdb.com/title/tt0093779/quotes

> With regards to the second statement, you give a great reason yourself a few paragraphs up: "If you live in Cuba and you're using GnuPG, then you should not have your key on the servers and you have a perfectly reasonable fear about people uploading your key there".  Is that not a good reason to request that a key stay off the keyservers?

I think it's a great example of a clear exception to a general rule.

> So you are saying "I do not do this".  And MFPA is saying "I think nobody should do this" ?

Not really.  That's a side issue.

The real question is this:

"The status quo is that new users are routinely told, 'generally speaking, it is a good idea to upload your key to the keyservers.'  Does this need to change?"

> Where's the problem?

He says "yes and here's why," and I say, "your arguments do not appear sound, and here's why."