I was awake a bunch last night, and I was pondering the six points that Seth
made.  I am more and more concerned with having key servers have access to
revocation (certificates), and I have no understanding how this will work with
key server to key server communication.  It seems to me that there is no way
to keep those revocation blobs from becoming public, and therefore abused.
That seems the biggest risk to me.

I think that that the place where we actually need to differ from the past is
actually the flood-fill between key servers.  I think that's probably not
going to work.  Effectively, each key server (organization) needs to make
contact with the key owner to establish right to publish key.  And that needs
to expire.

Autocrypt seems like the right way for key servers to interact with users.
Effectively, what we want is a kind of STAR:

   Support for Short-Term, Automatically Renewed (STAR) Certificates in the
   Automated Certificate Management Environment (ACME)
   RFC 8739

specifically, keyservers will stop publishing keys that they can't confirm
that the user actually still wants published.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to