PGP public key servers are useful! [noise?]
To: cypherpunks@toad.com
Date: Mon Aug 05 16:43:42 1996
Over the last couple of weeks, I've noticed a lot of subscribers who PGP clearsign their messages, but who haven't uploaded their keys to any of the public keyservers.
Those keys are most useful when they're available to people who might want to use them, so I'm asking those of you who haven't sent them to a keyserver to do so.
(The quick version: paste your key in cleartext into a letter, sent to pgp-public-keys@pgp.mit.edu with the subject: ADD. If you don't have it in cleartext, do pgp -kxa and follow the prompts.)
TIA, dave
----
David E. Smith POB 324 Cape Girardeau MO USA 63702
dsmith@prairienet.org http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"Heard a lot of talk about this Jesus, a man of love, a man of strength; but what a man was two thousand years ago means nothing at all to me today ... "
"David E. Smith" <dsmith@prairienet.org> writes:
Over the last couple of weeks, I've noticed a lot of subscribers who PGP clearsign their messages, but who haven't uploaded their keys to any of the public keyservers.
Those keys are most useful when they're available to people who might want to use them, so I'm asking those of you who haven't sent them to a keyserver to do so.
I, for one, make it a point of never using the PGP public key servers. I make my key available by finger, and always check for people's keys through finger.
The problem with the PGP public key servers is that one has absolutely no control over what gets uploaded there in one's own name. If someone really wanted to prevent me from using PGP, for example, that person could just upload 500 different PGP keys to the key servers all with my E-mail address as the key ID. Even if you already have a PGP key of someone you trust who has certified my key, are you really going to verify all 500 other keys until you find the one that is certified by the real trusted person?
Moreover, what's to stop someone from downloading my key, adding an ID "kkk grand wizard", signing it with a fake "David Duke" key, and uploading the new signature to the PGP servers? I don't want anyone to be able to put such things on my PGP key in the place where most people will go looking for it first.
Deleting a key from a PGP key server is probably even more difficult than getting an error corrected on your credit report. Even if one keyserver deletes it, it will probably end up propagating there again from another server.
The finger approach is far from perfect, because not everyone can run a finger daemon accessible to the net at large. Moreover, even people with PGP keys in their .plan files often can't be fingered at their mail hubs (in fact, people often receive E-mail at addresses which are only DNS "MX records" which don't have corresponding IP addresses). Thus, I'm not saying finger is the solution. However, at least people have control over the plausible PGP key finger locations in a way that fits sensibly with the key ID's sought. In other words, if I have absolutely no affiliation with Berkeley, I should not be able to stick a PGP key with an ID ending "<..@cs.berkeley.edu>" where people will primarily look for such keys. (Of course I'm welcome to put the key any other place I have access to.)
Note finally that the key distribution problem addressed by the key servers has nothing to do with key certification. I think one of PGP's greatest strengths is that anyone can certify anyone else's public key. I hate the idea of a hierarchical system where you might have to pay $20 and wait 3 days to get a public key (VeriSign I gather does this for SSL certificates, though the cost/wait are probably completely different). Thus, while I'm advocating some kind of hierarchical key distribution mechanism, I absolutely don't want to see that kind of structure imposed on key certification.
In fact, the key distribution problem is just the opposite of key certification in that one wants to prevent unwanted certificates and keys from being interpreted as condoned by the supposed owner of the PGP key. Even if my key really was certified by someone a year ago, if I've now forgotten the passphrase I don't want to keep having people grab my old key. I also don't want random attacks on my character appended to my PGP key where most people will seek it.
Finally, for those who desire the "light security" of encrypting with my PGP public key even though they can't verify any of the certificates (and I do get plenty of such PGP-encrypted mail), it might be nice to have a system in place that at least required an active network attack to bypass. You might argue that this would be worse as it would encourage more people to use untrusted PGP keys. However, consider SSH's mechanism whereby it acquires public keys automatically at first and then keeps verifying the keys on subsequent sessions. It's not perfect, but I think it definitely improves the security of the situation. Anyway, if the NSA started mounting massive active attacks from the internet backbones, we would at least find out about it soon enough.
[Posted anonymously to prevent some wise guy from getting the brilliant idea of uploading 500 fake PGP keys in my name...]
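The SSH-style mechanism mentioned in the post above (accept a key automatically on first contact, then verify it on every later contact), sketched as an added example that is not part of the original thread. The pin-store file layout, the function names and the sample key bytes are assumptions constructed for illustration, and a SHA-256 hash stands in for a real PGP fingerprint.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(key_bytes):
    # SHA-256 of the exported key block; a stand-in for a real PGP fingerprint.
    return hashlib.sha256(key_bytes).hexdigest()

class PinStore:
    """Remembers the first key fingerprint seen for each mail address."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def check(self, address, key_bytes):
        """Return 'new' on first contact, then 'match' or 'CHANGED'."""
        addr, fp = address.lower(), fingerprint(key_bytes)
        if addr not in self.pins:
            # First contact is unauthenticated: only this fetch can be spoofed.
            self.pins[addr] = fp
            with open(self.path + ".tmp", "w") as fh:
                json.dump(self.pins, fh)
            os.replace(self.path + ".tmp", self.path)  # atomic update
            return "new"
        return "match" if self.pins[addr] == fp else "CHANGED"

    def select(self, address, candidates):
        """From many keys claiming one address, keep only the pinned one."""
        pinned = self.pins.get(address.lower())
        return [k for k in candidates if fingerprint(k) == pinned]

def demo():
    # Constructed sample data: byte strings standing in for exported keys.
    real = b"constructed sample key: owner"
    flood = [b"constructed sample key: impostor %d" % i for i in range(500)]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        first = PinStore(path).check("user@example.org", real)
        store = PinStore(path)  # reloaded from disk, as on a later session
        again = store.check("User@Example.org", real)
        swapped = store.check("user@example.org", flood[0])
        kept = store.select("user@example.org", flood + [real])
    return first, again, swapped, kept == [real]
```

A "CHANGED" result never overwrites the stored pin, so a substituted key keeps being reported until the user decides which key to trust.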
John Anonymous MacDonald writes:
The problem with the PGP public key servers is that one has absolutely no control over what gets uploaded there in one's own name.
That's why people are supposed to use the web of trust to check the keys. You claim to make your key available by finger. How do you know that Mallet isn't switching the bits as they go down the wire to your correspondents? The only way to verify a key is to check known good signatures on it. Because of this, no security is needed on key storage facilities per se -- you aren't supposed to trust keys without signatures.
Geesh. I thought this was obvious. I guess not.
Perry
"Perry E. Metzger" <perry@piermont.com> writes:
John Anonymous MacDonald writes:
The problem with the PGP public key servers is that one has absolutely no control over what gets uploaded there in one's own name.
That's why people are supposed to use the web of trust to check the keys. You claim to make your key available by finger. How do you know that Mallet isn't switching the bits as they go down the wire to your correspondents? The only way to verify a key is to check known good signatures on it. Because of this, no security is needed on key storage facilities per se -- you aren't supposed to trust keys without signatures.
Geesh. I thought this was obvious. I guess not.
Perry
The web of trust just certifies that the key belongs to someone. If you'd read to the end of the message, you would have seen that I was not complaining about the key certification process in PGP. At issue is NOT whether a key can be trusted to belong to someone, but whether or not random people should be able to tag others' PGP keys with crap. What I want to prevent is some person I dislike uploading his signature on my key (particularly if he adds another ID to my key and signs that). How would you like it if I added a new ID to your key containing some sort of insult, certified that ID, and uploaded the new signature to the key servers? Alternatively, what if I uploaded 5 "vanity" keys in your name to the PGP key servers? Most software would download one key, fail to certify the signature, and therefore not allow someone to communicate with you even if that person could have verified your real key. I don't understand what the purpose of a centralized key server is, when the owner of a public key should be the one to control what certificates and tags are given out with his/her PGP key.
participants (4)
- Amnesia Anonymous Remailer
- David E. Smith
- John Anonymous MacDonald
- Perry E. Metzger