Tor and keyservers (was: Key selection order)

Lachlan Gunn lachlan at
Wed Feb 24 15:12:45 CET 2016


Sorry to bring this thread back from the dead, but now that I have a
preprint out I can elaborate a bit more on my motivations for this
previous discussion.

I've spent a little bit of time investigating the use of Tor to create
an interactive protocol for auditing keyservers, the idea being that if
Tor works well and is properly configured and used, a keyserver can't
tell who is who when two requests come in simultaneously.

The idea is that you continuously make requests, perhaps a few times an
hour, for your own key.  Then, when you want to verify someone else's
key, you do the same thing for a certain number of requests, make sure
the responses are all the same, and then wait for a bit to make sure
that the other party hasn't reported receiving different several
different keys.

This is obviously fairly simplified---you probably want to verify a
Merkle tree rather than an individual key, you need some way for a
person to publicly report failures, a reliable and correctable way of
selecting a key from the search results, etc.  The paper and prototype
are here if anyone is interested.

Apologies if this is too far offtopic, but since it's PGP-related and
explains my previous cryptic questions about selecting keys, I thought
someone perhaps might be interested, even if only for some closure.  I'd
certainly appreciate any thoughts that anyone might have.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160224/3b16da5a/attachment.sig>

More information about the Gnupg-users mailing list