recommendation for key servers

Jean-Jacques Brucker jeanjacquesbrucker at gmail.com
Mon Jun 28 11:41:43 CEST 2021


"Hell is paved with good intention."

GDPR came from the laudable intention of limiting the power of GAFAMs 
and other data brokers, inside our private lives.

But the text maintains a confusion between personal data and private 
data. Some personal data is not and should not be private. Email could 
be one of them, if everyone used a web of trust, which would allow us to 
know more precisely who is the sender, and to fight more effectively 
against SPAM.

(NB: In addition, the text annoys small organizations more than large 
groups which have the means to circumvent it, via internationalization 
and lobbying)

I have a public email, and i would like to have a email service or 
client which may delete automatically unsigned messages, and give me the 
feature to order received email depending from a "proximity" regarding 
the WOT, or a "confidence" regarding my trustdb.

About the keystore, I imagined 9 years ago that a key server receiving a 
certificate update, not signed by its owner, could send a message to the 
owner (by default 1 time per day), in order to ask it to validate, or 
not, the modifications, before synchronizing the updated certificate, 
signed by its owner, on other key servers.

So I had to write a draft and start implementing a new MIME type for 
HTTP for these purposes, to upgrade HKP protocol :

https://github.com/Open-UDC/open-udc/blob/master/docs/rfc/HTTP_OpenPGP_Authentication.draft.txt

https://github.com/Open-UDC/thttpgpd

But unfortunately I was perhaps too shy to talk about these ideas on an 
international mailing list, and they received little echo in my French 
environment :

https://linuxfr.org/users/jbar/journaux/thttpgpd-ou-comment-openudc-a-ressuscite-le-bon-vieux-thttpd


Today WKD / WKS seems to me a good compromise for the trilemma keystore, 
and probably the best way to get the last version of 
"first-party-attested" certificates, which fresh uid / sub-keys updates 
and revocations.

But it's only today that I discovered your git repository 
https://gitlab.com/openpgp-wg/rfc4880bis and your idea of 
​​"first-party-attested third-party certifications" (1pa3pc).

I therefore apologize if I do not add anything new or interesting to the 
debate today.

----
Jean-Jacques B.


Le 28/06/2021 à 01:41, Jason Harris via Gnupg-devel a écrit :
>
> There are still SKS servers running, but several are unsynchronized, 
> including, apparently, pgp.mit.edu.  Of course, they have the same key 
> import/poisoning problems already mentioned on these lists…
>
> Here are the hockeypuck servers I could find, all synchronizing 
> properly and apparently exchanging data (minus the unwanted packets) 
> with the SKS servers that are synchronized:
>
>   * http://keys.andreas-puls.de/pks/lookup?op=stats
>   * http://keys2.andreas-puls.de/pks/lookup?op=stats
>   * http://keys3.andreas-puls.de/pks/lookup?op=stats
>   * http://pgp.cyberbits.eu/pks/lookup?op=stats
>   * http://pgp.re:11371/pks/lookup?op=stats
>   * https://pgpkeys.eu/pks/lookup?op=stats
>   * https://keybath.trifence.ch/pks/lookup?op=stats
>   * https://keyserver.trifence.ch/pks/lookup?op=stats
>
> HTH.  (Please excuse the HTML.)
>
> Sent from my iPad
>
>> On Jun 24, 2021, at 7:19 PM, deloptes via Gnupg-devel 
>> <gnupg-devel at gnupg.org> wrote:
>>
>> 
>> Hi, we heard that sks-keyservers.net <http://sks-keyservers.net> will 
>> be depreciated
>> so we were wondering what service we should use in the application 
>> default settings
>> We I mean TDE devs
>>
>> where do we go from here?
>>
>> thank you in advance
>> BR
>> _______________________________________________
>> Gnupg-devel mailing list
>> Gnupg-devel at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210628/32529101/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xA3983A40D1458443.asc
Type: application/pgp-keys
Size: 40225 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210628/32529101/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210628/32529101/attachment-0001.sig>


More information about the Gnupg-users mailing list