Slashdot Mirror


New Global Directory of OpenPGP Keys

Gemini writes "The PGP company just announced a new type of keyserver for all your OpenPGP keys. This server verifies (via mailback verification, like mailing lists) that the email address on the key actually reaches someone. Dead keys age off the server, and you can even remove keys if you forget the passphrase. In a classy move, they've included support for those parts of the OpenPGP standard that PGP doesn't use, but GnuPG does."

8 of 234 comments

  1. Widespread Crypto Revolution? by c0dedude · · Score: 3, Interesting

    With the minor computational cost of crypto and the availability of public keys, will all network traffic move toward cryptography?

    --
    Since when has this country used intellectual elite as a pejorative term?
    1. Re:Widespread Crypto Revolution? by jdludlow · · Score: 3, Interesting

      Is there any way to actually prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?

      I realize that the chances of a judge buying this are going to be small, but is there a defense there? Wouldn't someone have to be able to produce the plaintext first, before they could claim that you were trying to send encrypted messages?

  2. FPCP by nahdude812 · · Score: 4, Interesting

    FPCP (First Privacy Complaint Post):

    Won't a database of verified emails be, y'know, abusable? What about spammers who want to harvest from this? If they can't directly harvest, they could certainly validate email addresses they know about, and know they were getting people on email addresses that they care about.

  3. Is there a future for PGP? by Albanach · · Score: 4, Interesting

    Like lots of people, I've used PGP for years, but it has never taken off like it should have. I wonder if it really has a future.

    Companies can secure their internal email by deploying SSL on their mailservers and enforcing its use. For email outside the company surely S/MIME has captured the market. It's built into most email software, and companies are offering free certificates.

    With PGP seeming more complex and requiring a separate install, what role does it have for today's SMEs?

    1. Re:Is there a future for PGP? by spellicer · · Score: 5, Interesting

      S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do, by the way), but they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

      S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintances signing each other's keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CA's, cost of a certificate from a reliable CA is too high, or other factors usually centering around CA's.

      The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.

  4. Encrypted Spam? by 4of12 · · Score: 3, Interesting

    So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

    Since the MTA's can't read my mail for spamminess if it is encrypted, the spam filter responsibility will be for my local email client with a set of my cached private key so it can decrypt and trash those herbal viagra offers.

    --
    "Provided by the management for your protection."
  5. First overcome laziness. by StrawberryFrog · · Score: 3, Interesting

    PGP's been around for years, and hasn't taken over. Laziness is a powerful force - self-preservation has to work hard to overcome it.

    --

    My Karma: ran over your Dogma
    StrawberryFrog

  6. This presents problems with the trust path. by molo · · Score: 4, Interesting

    Dropping keys from the keyring presents problems with the trust path. For example, A signs B's key. B signs C's key. A now has a trust path to C. If B is dropped from the keyring, no new users can authenticate that trust path. With the current scheme, if N signs A's key, N would now have a trust path to C. With the new scheme, the link to B and C is broken because he can't retrieve B's key.

    Having an email address expire is not a reason to no longer trust a key.

    -molo

    --
    Using your sig line to advertise for friends is lame.
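
The trust-path argument in comment 6, modelled as an added example that is not part of the thread or of any keyserver's code. The key ids N, A, B, C are the ones from the comment; the `served` set, the `CERTS` layout and the function name are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data: signee key id -> ids of keys that certified it.
# OpenPGP certifications are stored on the signed key, so they are only
# visible to someone who can fetch that key.
CERTS = {"A": {"N"}, "B": {"A"}, "C": {"B"}}


def find_trust_path(verifier, target, served, certs=CERTS):
    """Return the chain of key ids from verifier to target, or None.

    A hop signer -> signee counts only if the signee's key is in `served`
    (the set of keys the server still hands out); without the key, neither
    the certification on it nor any signature it made can be checked.
    """
    pred = {verifier: None}      # validated key -> key that vouched for it
    queue = deque([verifier])    # breadth-first, so the shortest chain wins
    while queue:
        signer = queue.popleft()
        if signer == target:
            break
        for signee in sorted(certs):
            if signee in pred or signer not in certs[signee]:
                continue
            if signee not in served:
                continue         # key aged off the server: hop unusable
            pred[signee] = signer
            queue.append(signee)
    if target not in pred:
        return None
    path, node = [], target
    while node is not None:      # walk predecessors back to the verifier
        path.append(node)
        node = pred[node]
    return path[::-1]


if __name__ == "__main__":
    print(find_trust_path("N", "C", {"A", "B", "C"}))  # all keys served
    print(find_trust_path("N", "C", {"A", "C"}))       # B dropped
```

The path survives the loss of B only if some other served key bridges A and C, which is why a sparsely signed key is the one most exposed to this failure.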