dshaw at jabberwocky.com
Sat Dec 17 16:42:04 CET 2011
On Dec 17, 2011, at 10:25 AM, Jerome Baum wrote:
> On 2011-12-17 16:17, David Shaw wrote:
>> It's an interesting server, with different semantics than the
>> traditional keyserver net that we were talking about earlier. Most
>> significantly, it emails the keyholder (at the address on the key)
>> before accepting the key into the server. It also signs keys that
>> are submitted to it, which allows people to leverage this email
>> checking in their own trust calculations, but can also "litter" keys
>> with repeated signatures. If I recall, it is (or perhaps was) the
>> default keyserver for PGP installations.
> I doubt the validity of those automated checks and checks on the email
> anyway. What constitutes "owning" foo at example.com? To legitimately
> verify this you would need to look at the domain history, conclude who
> the legit owner of the domain is, contact that owner and then follow the
> delegation chain to reach a real person.
> Any technological solution to the problem is easy to compromise:
> Accounts can be compromised, domains stolen, DNS isn't safe either and
> the mail server could be penetrated. The only way to know if someone
> legitimately uses a given email address is to verify the _human_
> delegation chain. A computer cannot do that in the current setup.
Yes. The PGP folks say as much on the site. This was extensively discussed when the server was first put in place. The intent is not to be all things, but rather to be better than just trusting any key based on some text string (i.e. doing nothing). There are those who disagree that this is better, and of course, nobody is forcing them to use the server.
More information about the Gnupg-users