Hello all,

For about the past month or two, I've been researching and teaching myself OpenPGP and GnuPG, which led to me attempting to find out what happened to all the keyservers over the past few years, since many resources on GnuPG reference keyservers which no longer function. To my understanding, it seems the vast majority of keyservers (connected via the 'SKS network') were functionally damaged due to a 2019 'certificate poisoning' attack, and were subsequently shut down in 2021 due to being unable to comply with the GDPR.

As such, I decided to take a crack at rectifying the design of the keyserver network. I've written a detailed outline in a GitHub Gist, which I'll link below. But to give a brief summary, I break down the requirements of a modern keyserver network into six main criteria, including the storage and distribution of public keys, the ability to defend against state force, the ability to withstand the previously inflicted attacks, etc. And to meet these criteria, I propose the use of metadata in the storage and distribution of public keys. In particular, every public key can carry with it three pieces of metadata: a hash, a detached signature, and a revocation certificate. The hash is unique to a key upload attempt and the signature is of the hash, generated in the process of uploading the public key to confirm the client has access to the private key. The signature is checked to be valid both when uploading and synchronising the public key. The revocation certificate is given when first uploading the public key, and if added to the public key itself, will tell the keyserver to remove most data pertaining to that key.

https://gist.github.com/McDaMastR/d4781ce0fd0e4a0ad60fd85201031f5d

I would be beyond grateful if you could provide some constructive feedback!

Sincerely,
Seth.

PGP Fingerprint 82B9 620E 53D0 A1AE 2D69 6111 C267 B002 0A90 0289
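The upload and revocation flow the message describes, modelled in Go as an added example (not code from the post or from the linked Gist). Ed25519 signatures and SHA-256 stand in for OpenPGP, raw public-key bytes stand in for the fingerprint that indexes the store, and the "revoke:" statement is an assumed stand-in for an OpenPGP revocation certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Record carries the three metadata items the post proposes per key: a hash unique
// to the upload attempt, a detached signature over it (proof of private-key access)
// and the revocation certificate handed over at upload. Assumption: Ed25519 and raw
// key bytes stand in for OpenPGP signatures and fingerprints respectively.
type Record struct {
	Pub                         ed25519.PublicKey
	UploadHash, Sig, RevokeCert []byte
}

type Keyserver struct{ store map[string]Record }
func NewKeyserver() *Keyserver { return &Keyserver{store: map[string]Record{}} }
func revokeMsg(pub ed25519.PublicKey) []byte { return append([]byte("revoke:"), pub...) }

// valid is the proof-of-possession check, run on upload and again on every synced record.
func valid(r Record) bool { return ed25519.Verify(r.Pub, r.UploadHash, r.Sig) }

// ClientUpload builds a submission; a fresh nonce makes the hash unique per attempt and
// both signatures can only be produced by the holder of the private key.
func ClientUpload(priv ed25519.PrivateKey) Record {
	pub := priv.Public().(ed25519.PublicKey)
	nonce := make([]byte, 16)
	rand.Read(nonce)
	h := sha256.Sum256(append(append([]byte{}, pub...), nonce...))
	return Record{pub, h[:], ed25519.Sign(priv, h[:]), ed25519.Sign(priv, revokeMsg(pub))}
}

// Upload stores the record only when the signature over the upload hash verifies.
func (ks *Keyserver) Upload(r Record) (ok bool) {
	if ok = valid(r); ok {
		ks.store[string(r.Pub)] = r
	}
	return ok
}

// Revoke drops the record when cert is a valid revocation signature for pub, else false.
func (ks *Keyserver) Revoke(pub ed25519.PublicKey, cert []byte) bool {
	if _, known := ks.store[string(pub)]; !known || !ed25519.Verify(pub, revokeMsg(pub), cert) {
		return false
	}
	delete(ks.store, string(pub))
	return true
}
```

A peer synchronising records would pass each one through Upload, so the same check that rejects a forged submission also stops it propagating.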
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users