Re: Turning off keys.fedoraproject.org

Josh Boyer wrote:
> > We may want to replace it with a simple Web Key Directory server:
> > https://wiki.gnupg.org/WKD
> >
> > That would make it easy to look up keys based on @fedoraproject.org
> > email addresses, and since keys can be replaced in the directory, it
> > avoids the problems with SKS attacks.  
> 
> I don't see that being valuable enough to actually invest the effort
> into doing it and maintaining it long term.  If others are interested
> in hosting such a service, that would likely be welcome.

If such others were to step up to do the work, would they be able to
get the access needed to run it on Fedora infrastructure and integrate
with FAS?

Note that a Web Key Directory can't be run as a third-party service.
It's a fundamental feature of the protocol that the directory server
exists in the same domain as the email address. Technically a subdomain
could be delegated, but this isn't a thing that should be tossed up on
the first cloud service handy, because an intruder in the server would
be able to replace people's keys and impersonate them.

I think a Web Key Directory server would be good for the Fedora
Project's security, but it should run on hardware under the Fedora
Project's control.

Björn Persson

Attachment: pgpIQ3DLo8g5a.pgp
Description: OpenPGP digital signatur
