German ct magazine postulates death of pgp encryption

Werner Koch wk at gnupg.org
Fri Feb 27 20:56:00 CET 2015


On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:

> that anyone can upload _every_ key to a keyserver is an issue. If
> keyservers would do some sort of verification (e.g. confirmation of
> the email addresses) then this would lead to much more reliable data.

We have such a system. It is called S/MIME.

Ever tried to find an S/MIME (X.509) key (aka certificate) for an
arbitrary mail address?  The only working solution to get such a key is
by sending a mail and asking for the key.  You can do the very same with
PGP of course.  Keyservers along with visiting cards are much nicer.

So, why is there no public service to distribute X.509 keys?  Because
nobody wants to be legally responsible for such a key unless you push a
stack of money over the table for a qualified signature certificate.

BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut
down for similar legal reasons.  However, it is not a problem, we can
use other keyservers.

> believe that this would make keyservers more trustworthy than today.

There is no trust in keyservers by design.  As soon as you start
changing this you are turning PGP into a centralized system.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



