Re: Turning off keys.fedoraproject.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kevin Fenzi wrote:
> Fas is on life support mode, but something could be added to the new
> coming account system interface. 

I understand from this that the entire FAS will be replaced. I had
previously gotten a vague impression that the new project would replace
the authentication bits of FAS or something.

> keys.openpgp.org offers a WKD as a service thing:
> 
> https://keys.openpgp.org/about/usage

Hmm. They state that they support the lookup protocol, but in their FAQ
I find this statement:

| The keys.openpgp.org service is meant for key distribution and
| discovery, not as a de facto certification authority. Client
| implementations that want to offer verified communication should rely
| on their own trust model.

That is, you're not supposed to trust that keys you receive from
keys.openpgp.org are genuine.

WKD, on the other hand, aims to solve that. The WKD Internet Draft
(https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-09)
says this about the Web Key Directory Update Protocol:

| To put keys into the key directory a protocol to automate the task is
| desirable.  The protocol defined here is entirely based on mail and
| the assumption that a mail provider can securely deliver mail to the
| INBOX of a user (e.g. an IMAP folder).

Securely dropping an email in a user's mailbox is no problem for an
email provider that controls its own infrastructure. For a third party
like keys.openpgp.org it's another matter. They state that they use
MTA-STS and STARTTLS Everywhere to make sure that verification emails
are sent over TLS, but what do they do if your email provider doesn't
support SMTP over TLS? Do they refuse your key in that case? My guess
is that they send the verification email unprotected, and that that's
one reason why they say they're not a certification authority.

Forwarding aliases like the addresses in fedoraproject.org add another
complication. Even if Red Hat's mail servers support MTA-STS, there is
no way for keys.openpgp.org to know whether the next hop will be secure.

A directory server integrated with FAS's successor wouldn't have to try
to verify keys over insecure email. Users could upload their key to
their account, and that would be sufficient proof that the key is
theirs.

Björn Persson

Attachment: pgpdlI1tKb1me.pgp
Description: OpenPGP digital signatur

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux