German ct magazine postulates death of pgp encryption

Hans of Guardian hans at
Tue Mar 3 14:00:23 CET 2015

On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:

> On Fri, 27 Feb 2015 17:26, patrick at said:
>> that anyone can upload _every_ key to a keyserver is an issue. If
>> keyservers would do some sort of verification (e.g. confirmation of
>> the email addresses) then this would lead to much more reliable data.
> We have such a system. It is called S/MIME.
> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
> arbitrary mail address?  The only working solution to get such a key is
> by sending a mail and asking for the key.  You can do the very same with
> PGP of course.  Keyservers along with visting cards are much nicer.
> So, why is there no public service to distribute X.509 keys?  Because
> nobody want to be legally responsible for such a key unless you push a
> stack of money over the table for a qualified signature certificate.
> BTW, even the DFN PGP keyserver ( had to be shut
> down for similar legal reasons.  However, it is not a problem, we can
> use other keyservers.
>> believe that this would make keyservers more trustworthy than today.
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

Services like with poor security practices are going to rapidly take over from the PGP keyserver pool because they address side of the human interaction, unlike the PGP keyservers.  They are easy to use and the follow the very common interaction patterns that basically all web services these days use. That must also be considered when thinking about security.  The PGP keyservers need email validation not as a way to provide any kind of "trusted" status of that key, but rather so enable people to delete keys that should no longer be there, and to prevent keyserver spam and vandalism.  For a good example, search for Richard Stallman and you will see how badly the PGP keyservers are failing.

Another common scenario is that people make mistakes when learning how to use PGP.  There is a common mistake of generating a key to play with, publishing to the keyserver, then deleting.  That key will then be on the keyserver forever with no way to delete it.  That is terrible both security-wise because it is confusing for people who are searching for keys, and it is terrible human-interaction-wise because it adds pointless noise when searching for keys.


More information about the Gnupg-users mailing list