>>>>> "John" == John Levine <johnl@xxxxxxxxx> writes:

    John> I've been trying to figure out what this draft provides that
    John> the existing widely implemented PGP keyservers don't. So far,
    John> it seems to be that in some cases it's easier to delete dead
    John> keys, although that makes some significant assumptions about
    John> how the provisioning systems work.

I also think you have higher trust in dnssec-validated keys than a key that you get from a key server without a trust path to some key you trust.

Key servers are a publicly writable database with no level of assurance in the contents implied by an entry existing in the database. dnssec can give you greater assurance if you trust the domain owner.

I think this is mostly a terrible idea, because it might lead to me getting some significant quantity of pgp-encrypted email if successful, and I can think of few worse things than having to deal with significant quantities of encrypted mail :-)

However I agree with the authors that it would actually make it easier to find pgp keys that you have some degree of trust in.