
Re: [openpgp-email] Keyservers and GDPR
On Tue, 6 Nov 2018 17:57, vb@pep-project.org said:

> I'm not of the opinion that key servers are a good idea at all. It's
> a pity that people still follow this wrong idea.

Keyservers are used for several purposes:

1. Search for keys based on the fingerprint ("gpg --recv-key FPR")
2. Search for key revocations ("gpg --refresh-key")
3. Search for keys based on the user id (e.g. "gpg --search-key").
4. As a distribution medium for key signatures.
5. As a distributed and searchable storage.

The first two purposes are quite useful because they allow one to verify
signatures made by yet unknown keys. Retrieving the keys is no data
privacy problem because by signing and sending a mail the sender has
already provided all this information. There is nothing which can
replace these purposes because a key does not necessarily need to have a
mail address and even if so, any mail address based lookup can fail
after the mail address is no longer in use, the account has been
disabled, etc. Fingerprints are globally unique and need not be
associated with a mail address.

Purpose 3 is what we call key discovery and indeed keyservers are the
wrong way to do this. In most cases we want to map a mail address to a
key and have some kind of reliable mapping. Keyservers which are just a
pile of keys don't allow for this. Back then when encryption was young
and the internet was a friendly place search for keys worked in most
cases. But the times have changed and the bona fide search is useless.

Purpose 4, distribution of key signatures, worked as long as people
didn't use the key listings of the server or tools for more or less
funny messages. Uploading key signatures should be possible only by the
holder of the key. However, to enforce this the keyservers need to
employ real crypto and won't be a lean service anymore. I think the
distribution of keyservers, for those who still want to use the WoT,
can be replaced by sending the signed keys only back to the owner. In fact
tools like caff suggest this use case.

Purpose 5 is not relevant for OpenPGP key distribution and actually the
reason why the keyserver network has more or less broken down.

My suggestion is to limit the keyservers to purposes 1 and 2. This
can in practice easily be done by removing the search-by-user-id
interface from the keyservers and, on the client side, by discovering
keys using other methods (e.g. Web Key Directory). Having no searchable
interface to the keyservers makes them less attractive for abuse (as in
purpose 5) and avoids some privacy issues (white pages without user
consent).

It is likely that gpg will eventually change its --search-key command to
do the equivalent of --locate-key but without checking the local
keyring.


Salam-Shalom,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
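As an added illustration (not part of Werner's message or of GnuPG's code), here is the client-side half of the Web Key Directory lookup that the message proposes in place of a user-id search: the mail address is mapped to a fixed URL, so the server only hosts static files and exposes no searchable index. It assumes the current WKD draft's mapping rules (lowercase local part, SHA-1, z-base-32 without padding); example.org is a placeholder domain.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for encoding the SHA-1 digest
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as unpadded z-base-32 (5 bits per output character)."""
    bits, nbits, out = 0, 0, []
    for byte in data:
        bits = (bits << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(bits >> nbits) & 31])
    if nbits:  # left-align the leftover bits into one last 5-bit group
        out.append(ZB32_ALPHABET[(bits << (5 - nbits)) & 31])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD lowercases the local part, SHA-1 hashes it and z-base-32 encodes
    the 160-bit digest, which always yields exactly 32 characters."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' WKD lookup URLs for a mail address.

    The hash is the lookup key; the original (case-preserved) local part is
    passed as the l= query parameter so the server can match the user id.
    """
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    query = "?l=" + quote(local, safe="")
    base = "/.well-known/openpgpkey"
    return {
        "advanced": f"https://openpgpkey.{domain}{base}/{domain}/hu/{h}{query}",
        "direct": f"https://{domain}{base}/hu/{h}{query}",
    }


if __name__ == "__main__":
    for kind, url in wkd_urls("Joe.Doe@Example.ORG").items():  # placeholder address
        print(f"{kind:8s} {url}")
```

Because the URL is derived from the address itself, a client that already knows whom it is writing to can fetch the key without any server ever offering a "who has a key" search.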
Re: [openpgp-email] Keyservers and GDPR
On Tue, 6 Nov 2018 17:27, amm@datenreisen.de said:

> I do roughly recall that such a verification process has been discussed for
> the SKS keyservers at one of the pgp-summits before, but I wonder what
> happened to the idea. However, if that is “good enough” to be compliant

This requires that there are no rogue keyservers in the network and that
in turn means that they are under the control of a single entity. Or
in short, let Google take care of it.

Such verification will be a single point of failure and it would be
trivial for governments or corporations to take down a key.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: [Autocrypt] [openpgp-email] Keyservers and GDPR
Hi,

On Wed, 2018-11-07 at 10:13 +0100, Werner Koch wrote:
> This requires that there are no rogue keyservers in the network and that
> in turn means that they are under the control of a single entity.
It depends on your use case, but you might be happy enough if you have a
proof of who introduced the malicious data.

That said, you might as well establish a network adhering to certain
rules run by people who are trusted enough by its users. That may not
necessarily be Google, but the EFF, the CCC, or the DPAs of the EU
member states.

Cheers,
Tobi


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel