Hello all,

For about the past month or two, I've been researching and teaching myself
OpenPGP and GnuPG, which led to me attempting to find out what happened to all
the keyservers over the past few years, since many resources on GnuPG reference
keyservers which no longer function. To my understanding, it seems the vast
majority of keyservers (connected via the 'SKS network') were functionally
damaged due to a 2019 'certificate poisoning' attack, and were subsequently
shut down in 2021 due to being unable to comply with the GDPR.

As such, I decided to take a crack at rectifying the design of the keyserver
network. I've written a detailed outline in a GitHub Gist, which I'll link
below. But to give a brief summary, I break down the requirements of a modern
keyserver network into six main criteria, including the storage and
distribution of public keys, the ability to defend against state force, the
ability to withstand the previously inflicted attacks, etc. And to meet these
criteria, I propose the use of metadata in the storage and distribution of
public keys.

In particular, every public key can carry with it three pieces of metadata: a
hash, a detached signature, and a revocation certificate. The hash is unique to
a key upload attempt and the signature is of the hash, generated in the
process of uploading the public key to confirm the client has access to the
private key. The signature is checked to be valid both when uploading and
synchronising the public key. The revocation certificate is given when first
uploading the public key, and if added to the public key itself, will tell the
keyserver to remove most data pertaining to that key.
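The following is an added example, not the author's gist or any real keyserver code. It models the three-piece metadata scheme in Go with standard-library Ed25519 keys instead of OpenPGP packets: the server issues a hash unique to one upload attempt, the client proves control of the private key with a detached signature over that hash, the signature is re-checked when a peer synchronises the record, and a revocation certificate supplied at first upload later strips most stored data. The `Keyserver`, `Record`, `fingerprint` and `revocationMessage` names, the nonce-based upload hash and the `"revoke:"` payload are all this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is one stored public key plus the three pieces of metadata the
// proposal attaches to it. The field layout is this example's assumption.
type Record struct {
	PubKey     ed25519.PublicKey
	UploadHash []byte // unique to one upload attempt; issued by the server
	Signature  []byte // detached signature over UploadHash by the key holder
	Revocation []byte // revocation certificate supplied at first upload
	Revoked    bool
}

// Keyserver is a toy in-memory server: no network, no OpenPGP parsing.
type Keyserver struct {
	records map[string]*Record // keyed by fingerprint()
	pending map[string]bool    // upload hashes issued but not yet consumed
}

func NewKeyserver() *Keyserver {
	return &Keyserver{records: map[string]*Record{}, pending: map[string]bool{}}
}

// fingerprint stands in for an OpenPGP fingerprint (assumption: SHA-256 of the raw key).
func fingerprint(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:])
}

// revocationMessage is the constructed payload a revocation certificate signs.
func revocationMessage(pk ed25519.PublicKey) []byte {
	return append([]byte("revoke:"), pk...)
}

// MakeRevocation is the client-side step: the key holder signs the revocation
// payload once, at first upload, and hands the certificate to the server.
func MakeRevocation(priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, revocationMessage(priv.Public().(ed25519.PublicKey)))
}

// UploadChallenge issues the per-attempt hash: SHA-256 over the key and a fresh
// random nonce, so a signature made for one attempt cannot be replayed later.
func (ks *Keyserver) UploadChallenge(pk ed25519.PublicKey) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(pk)
	h.Write(nonce)
	hash := h.Sum(nil)
	ks.pending[hex.EncodeToString(hash)] = true
	return hash, nil
}

// Upload stores the key only if the client proved control of the private key
// (valid signature over a hash this server issued) and the revocation
// certificate verifies, so the server can honour it later.
func (ks *Keyserver) Upload(pk ed25519.PublicKey, hash, sig, revocation []byte) error {
	key := hex.EncodeToString(hash)
	if !ks.pending[key] {
		return errors.New("upload rejected: hash was not issued for a pending upload attempt")
	}
	if !ed25519.Verify(pk, hash, sig) {
		return errors.New("upload rejected: signature over upload hash does not verify")
	}
	if !ed25519.Verify(pk, revocationMessage(pk), revocation) {
		return errors.New("upload rejected: revocation certificate does not verify")
	}
	delete(ks.pending, key) // one signature, one attempt
	ks.records[fingerprint(pk)] = &Record{PubKey: pk, UploadHash: hash, Signature: sig, Revocation: revocation}
	return nil
}

// Sync is the peer side: a record received from another keyserver is accepted
// only if its detached signature (or, for a revoked key, its revocation
// certificate) still verifies, so a peer cannot push unsigned or altered data.
func (ks *Keyserver) Sync(rec Record) error {
	if rec.Revoked {
		if !ed25519.Verify(rec.PubKey, revocationMessage(rec.PubKey), rec.Revocation) {
			return errors.New("sync rejected: revocation certificate does not verify")
		}
	} else if !ed25519.Verify(rec.PubKey, rec.UploadHash, rec.Signature) {
		return errors.New("sync rejected: detached signature does not verify")
	}
	stored := rec
	ks.records[fingerprint(rec.PubKey)] = &stored
	return nil
}

// Revoke applies a revocation certificate: if it verifies for this key, the
// server keeps only the public key and the certificate and drops the rest.
func (ks *Keyserver) Revoke(pk ed25519.PublicKey, revocation []byte) error {
	rec, ok := ks.records[fingerprint(pk)]
	if !ok {
		return errors.New("revoke rejected: key not on this server")
	}
	if !ed25519.Verify(pk, revocationMessage(pk), revocation) {
		return errors.New("revoke rejected: revocation certificate does not verify")
	}
	rec.UploadHash, rec.Signature = nil, nil
	rec.Revocation, rec.Revoked = revocation, true
	return nil
}

// Lookup returns a copy of the stored record, if any.
func (ks *Keyserver) Lookup(pk ed25519.PublicKey) (Record, bool) {
	rec, ok := ks.records[fingerprint(pk)]
	if !ok {
		return Record{}, false
	}
	return *rec, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ks := NewKeyserver()
	hash, _ := ks.UploadChallenge(pub)
	fmt.Println("upload:", ks.Upload(pub, hash, ed25519.Sign(priv, hash), MakeRevocation(priv)))
	fmt.Println("replay:", ks.Upload(pub, hash, ed25519.Sign(priv, hash), MakeRevocation(priv)))
	fmt.Println("revoke:", ks.Revoke(pub, MakeRevocation(priv)))
}
```

Two design points worth noting. Because the upload hash is consumed on success, a captured signature cannot be re-used to re-upload the same key, which is what "unique to a key upload attempt" buys you. And because `Sync` re-runs the same verification as `Upload`, a compromised or misbehaving peer is held to the same proof-of-possession rule as an ordinary client, which is the property the 2019 poisoning of unauthenticated key material lacked.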

https://gist.github.com/McDaMastR/d4781ce0fd0e4a0ad60fd85201031f5d

I would be beyond grateful if you could provide some constructive feedback!


Sincerely, Seth.

PGP Fingerprint
82B9 620E 53D0 A1AE 2D69  6111 C267 B002 0A90 0289


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
