German ct magazine postulates death of pgp encryption

Kristian Fiskerstrand kristian.fiskerstrand at
Tue Mar 3 16:20:34 CET 2015


On 03/03/2015 01:50 PM, Hans of Guardian wrote:
> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
>> On 02/27/2015 12:43 PM, Hauke Laging wrote:
>>> On Fri 27.02.2015, 12:27:40, gnupgpacker wrote:
>>>> Maybe implementation with an opt-in could preserve
>>>> publishing of faked keys on public keyservers?
>>> We need keyservers which are a lot better than today's. IMHO
>>> that also means that a keyserver should tell a client for
>>> each offered certificate whether it (or a trusted keyserver)
>>> has made such an email verification.
>> The keyservers have no role in this, they are a pure data store and
>> can never act as a CA. That would bring up a can of worms of
>> issues, both politically and legally, I wouldn't want to see the
>> first case where a keyserver operator was sued for permitting a
>> "fake key" (the term itself is very misleading, the key itself
>> isn't fake at all, but a fully valid key where the UID has not been
>> mated to its holder through proper validation).
> The standard PGP keyserver pool is a mess with racist spam, lost
> keys that will be there forever, etc.  The concept of email
> validation is very very common and proven in internet service
> providers.

And anyone is free to set up a CA that performs this validation and
signs the returned key.

> It is time for OpenPGP keyservers to join the rest of the
> internet.

They are already quite up to date; SKS 1.1.5+ (development master)
even supports the experimental Ed25519 draft used by GnuPG. What you
are proposing here isn't about joining the rest of the internet, it is
about subverting security by introducing a false sense of security
and, even worse, it opens up well-known attack vectors.

By the way, an OpenPGP key is fully valid without any email address as
part of any UID.

-- 
----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Acta est fabula
So ends the story


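As an added illustration of two points made in the message above (that a third party, rather than the keyserver, can validate a key holder and certify the returned key, and that an OpenPGP key is fully valid with no e-mail address in its UID), the following shell script is example code written for this page; it is neither GnuPG project code nor the poster's. It assumes gpg 2.1 or later on PATH (for --quick-generate-key and --quick-sign-key). The names "Alice Example", "Example Mail Validation CA" and the relying party Bob, the three throwaway keyrings, and the "validation" step itself (simply skipped here, since it is whatever out-of-band check the CA chooses to perform) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not GnuPG project code): an out-of-band "CA" certifies a
# key holder's UID with its own key, and a relying party who trusts that CA
# then sees the key as valid. The UID deliberately carries no e-mail address.
# Assumes gpg >= 2.1 on PATH. Keyrings, names and the skipped validation
# step are constructed for this demonstration.
set -eu

WORK=$(mktemp -d)
ALICE_HOME="$WORK/alice"   # key holder
CA_HOME="$WORK/ca"         # the validating CA
BOB_HOME="$WORK/bob"       # relying party
mkdir -m 700 "$ALICE_HOME" "$CA_HOME" "$BOB_HOME"

cleanup() {
    for h in "$ALICE_HOME" "$CA_HOME" "$BOB_HOME"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# g HOME ARGS...: run gpg against one keyring without ever prompting
# (the demo keys are created without a passphrase).
g() {
    _home=$1; shift
    gpg --homedir "$_home" --batch --yes --pinentry-mode loopback \
        --passphrase '' "$@" 2>/dev/null
}

# Primary-key fingerprint of the first key matching a user id or fingerprint.
fpr_of() {
    g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'
}

# Validity GnuPG computes for the first UID of a key in a given keyring
# ("-" unknown, "m" marginal, "f" full, "u" ultimate).
uid_validity() {
    g "$1" --check-trustdb
    g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="uid"{print $2; exit}'
}

# Number of good certifications on a key made by the given (long) signer key id.
certs_by() {
    g "$1" --with-colons --check-sigs "$2" \
        | awk -F: -v s="$3" '$1=="sig" && $2=="!" && $5==s' | wc -l | tr -d ' '
}

run_demo() {
    # 1. Alice generates a key whose only UID is a bare name: no e-mail address.
    g "$ALICE_HOME" --quick-generate-key "Alice Example" ed25519 sign never
    ALICE_FPR=$(fpr_of "$ALICE_HOME" "Alice Example")

    # 2. The CA has its own key; only in its own keyring is it ultimately trusted.
    g "$CA_HOME" --quick-generate-key "Example Mail Validation CA" ed25519 sign never
    CA_FPR=$(fpr_of "$CA_HOME" "Example Mail Validation CA")
    CA_KEYID=$(printf '%s' "$CA_FPR" | tail -c 16)

    # 3. Bob fetches Alice's raw key (as he would from a keyserver) and the CA's
    #    key, and decides to trust the CA. Alice's key still has no trust path.
    g "$ALICE_HOME" --export "$ALICE_FPR" | g "$BOB_HOME" --import
    g "$CA_HOME" --export "$CA_FPR" | g "$BOB_HOME" --import
    printf '%s:6:\n' "$CA_FPR" | g "$BOB_HOME" --import-ownertrust
    VALIDITY_BEFORE=$(uid_validity "$BOB_HOME" "$ALICE_FPR")

    # 4. The CA performs its out-of-band validation (skipped in this demo),
    #    then certifies Alice's UID with an exportable signature.
    g "$ALICE_HOME" --export "$ALICE_FPR" | g "$CA_HOME" --import
    g "$CA_HOME" --local-user "$CA_FPR" --quick-sign-key "$ALICE_FPR"

    # 5. The certified key is returned (e.g. republished); Bob merges the new
    #    certification and the key becomes fully valid for him.
    g "$CA_HOME" --export "$ALICE_FPR" | g "$BOB_HOME" --import
    VALIDITY_AFTER=$(uid_validity "$BOB_HOME" "$ALICE_FPR")
    CA_CERTS=$(certs_by "$BOB_HOME" "$ALICE_FPR" "$CA_KEYID")

    echo "CA certifications on Alice's key: $CA_CERTS"
    echo "UID validity for Bob before/after: $VALIDITY_BEFORE/$VALIDITY_AFTER"
}
run_demo
```

The keyserver plays no part in the trust decision: Bob's validity result comes only from the certification made by a key he chose to trust, which is exactly the "CA that performs this validation and signs the returned key" the message describes, and it works for a UID that never contained an e-mail address.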