Infrastructure support for GnuPG post-quantum keys
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Jan 6 22:58:52 CET 2025
[I removed have at anonymous.sex; never did such..]
Michael Richardson wrote in
<20925.1736187277 at obiwan.sandelman.ca>:
|Werner Koch via Gnupg-users <gnupg-users at gnupg.org> wrote:
|> There is one remaining reason for having a network of synced
|> keyservers: To distribute revocations.
|
|> Lookup of keys by anything other than a fingerprint has no more
|> justification. And for that feature a simple distributed storage for
|> revocations would be better than the complex keyserver software we have
|> today.
|
|So if we mapped key IDs to convenient directory sized blocks, we could just
|use rsync?
|
|> - Distribute the key along with your mail address using the Web Key
|> directory.
|
|Aren't there also proposals to do this via special MIME types?
"Problem" is that .asc is not only used for key distribution, but
also for normal signatures. Iirc this at least bites the original
intent.
I should reread all of PKI etc.
A combination of DKIM and special email addresses which send
emails which are signed and include the public key so that the
email can be used to verify itself also seems a cryptographically
verifiable thing (if it is).
And if only ever DNSSEC would be supported by the giants...
(I still cannot believe that these post quantum things will all be
so terribly huge data things.)
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear