Slashdot Mirror


New Global Directory of OpenPGP Keys

Gemini writes "The PGP company just announced a new type of keyserver for all your OpenPGP keys. This server verifies (via mailback verification, like mailing lists) that the email address on the key actually reaches someone. Dead keys age off the server, and you can even remove keys if you forget the passphrase. In a classy move, they've included support for those parts of the OpenPGP standard that PGP doesn't use, but GnuPG does."

52 of 234 comments

  1. Widespread Crypto Revolution? by c0dedude · · Score: 3, Interesting

    With the minor computational cost of crypto and the availability of public keys, will all network traffic move toward cryptography?

    --
    Since when has this country used intellectual elite as a pejorative term?
    1. Re:Widespread Crypto Revolution? by Luigi30 · · Score: 4, Insightful

      Yes... until some government makes encryption illegal because it evades wiretaps (they're trying, believe me...).

      --
      503 Sig Unavailable

      The Signature could not be accessed. Please try again later or contact the administrator
    2. Re:Widespread Crypto Revolution? by jdludlow · · Score: 3, Interesting

      Is there any way to actually prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?

      I realize that the chances of a judge buying this is going to be small, but is there a defense there? Wouldn't someone have to be able to produce the plaintext first, before they could claim that you were trying to send encrypted messages?

    3. Re:Widespread Crypto Revolution? by I+confirm+I'm+not+a · · Score: 2, Interesting

      I realize that the chances of a judge buying this [suspected encrypted data is "really" random garbage] is going to be small

      Not if you can prove that you frequently send out random, garbage, data. It'll have the nice side-effect of making traffic analysis harder, too.

      ...but you didn't hear that from me, right?!

      --
      This is where the serious fun begins.
    4. Re:Widespread Crypto Revolution? by sunya · · Score: 3, Funny

      So take random garbage and encrypt it. Best of both worlds :)

      --
      MLT - simple and robust open source multimedia framework for Linux
    5. Re:Widespread Crypto Revolution? by Frank+T.+Lofaro+Jr. · · Score: 4, Funny

      Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba. :)

      --
      Just because it CAN be done, doesn't mean it should!
    6. Re:Widespread Crypto Revolution? by SpaceLifeForm · · Score: 2, Funny
      Well, then they'll make sending random data illegal as well.

      Then how will anyone post?

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    7. Re:Widespread Crypto Revolution? by B'Trey · · Score: 2, Interesting

      Defeats the purpose, as the whole point is to say that you're NOT sending encrypted information.

      Random garbage wouldn't compress well anyway, for the same reason that encrypted data doesn't compress well - a lack of repeated sequences. It would be trivial to write a program that produces pseudo- or near-random garbage that will not compress.

      However, it isn't at all certain that this would be beneficial to GP's purpose. There are ways to measure the amount of entropy in a string, and I'm not at all certain that it would be similar in an encrypted message and a random string. (I'm not an expert in this field, so I'm talking at the peripherals of my knowledge.)

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    8. Re:Widespread Crypto Revolution? by hey! · · Score: 2, Informative

      Actually, by definition, "random" garbage should not be compressible.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. FPCP by nahdude812 · · Score: 4, Interesting

    FPCP (First Privacy Complaint Post):

    Won't a database of verified emails be, y'know, abusable? What about spammers who want to harvest from this? If they can't directly harvest, they could certainly validate email addresses they know about, and know they were getting people on email addresses that they care about.

    1. Re:FPCP by Anonymous Coward · · Score: 4, Informative

      Yup... spammers are already harvesting email addresses from PGP keyservers. I had an address on my key that I never ended up actually using for anything, yet I suddenly started getting spam to it. Ditto for another address that I only used with close friends and family but was also a userid on my key.

      The combination of this and (Nigerian) spammers that actually respond to my challenge-response authentication is getting me very pissed off about spammers. :)

    2. Re:FPCP by I+confirm+I'm+not+a · · Score: 2, Interesting

      Won't a database of verified emails be, y'know, abusable?

      I've wondered about this in the past, but - and naturally I don't have a link to hand ;) - apparently key-lists haven't - to date - been abused by spammers. My guess would be that spammers see users of PGP/GPG as (a) technically advanced, and hence more likely to have spam-filters/spam-retaliation protocols in place, and (b) likely to only use published emails for encryption. Either that or PGP/GPG whooshed past spammers' heads with no comprehension occurring: "Can I make money off this JeepyGee thingee? No? Forget it, then."

      --
      This is where the serious fun begins.
    3. Re:FPCP by farnz · · Score: 2, Interesting
      After getting hit by a spammer using my work address as his From address, then getting deluged (a few thousand) by C-R challenges, I started just replying to challenges whether or not I sent you an e-mail.

      By and large, whenever I send e-mail out of the company, I'm authorised to spend money. If you blacklist me for replying to your challenges, and later I can't get hold of you to offer you money, that's not my problem, it's yours.

    4. Re:FPCP by TheUnFounded · · Score: 5, Informative

      From the FAQ:

      Will I get spam if I use the PGP Global Directory?
      No. Searches of the PGP Global Directory are limited to one (1) response, thus making gathering email addresses from the PGP Global Directory one of the least-effective ways of harvesting email addresses for spammers.

    5. Re:FPCP by YetAnotherDave · · Score: 2, Interesting

      whatever.

      Since I upgraded my mailserver to SpamAssassin 3.x I don't even bother with dummy mail accounts anymore. Spam just don't bother me anymore :)

  3. whitelists? by essreenim · · Score: 4, Insightful

    Sounds like a good way to make a global whitelist!
    Allow incoming mail only from such valid e-mail accounts that are using the service. Could be useful for spam. Or will spam endure as it always has done... ;/

    1. Re:whitelists? by wwest4 · · Score: 2, Insightful

      > Or will spam endure as it always has done... ;/

      Or only allow incoming mail that's signed. This won't prevent spam, but it will complicate the spammers' lives a bit, at least for a while.

    2. Re:whitelists? by Tenebrious1 · · Score: 3, Insightful

      Sounds like a good way to make a global whitelist!

      It won't be any different from individuals creating their own whitelist, since you can't implement whitelists at the ISP level since most people do not use PGP and cannot be forced to use it.

      It wouldn't stop spammers at all though, since spammers could still create legitimate keys, send out a billion spam then delete those email accounts and move on. It may slow it down a bit until some smart spammer creates a program to automate the process of creating, registering, and authenticating the key, but I doubt it will take too much time and effort.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.
    3. Re:whitelists? by NoMoreNicksLeft · · Score: 2, Informative

      Yeh, especially since they can't write a script that will generate 12 million pgp keys, using each to sign only 4 or 5 spams, before discarding it.

      Thank god there aren't PCI cards that offload crypto.

  4. Is there a future for PGP? by Albanach · · Score: 4, Interesting
    Like lots of people, I've used PGP for years, but it has never taken off like it should have. I wonder if it really has a future.

    Companies can secure their internal email by deploying SSL on their mailservers and enforcing its use. For email outside the company surely S/MIME has captured the market. It's built into most email software, and companies are offering free certificates.

    With PGP seeming more complex and requiring a separate install, what role does it have for today's SMEs?

    1. Re:Is there a future for PGP? by Ashe+Tyrael · · Score: 2, Insightful

      There is a problem with this though. Several ISPs, for good and legitimate reasons (spam and virii) don't allow certain types of e-mail attachment. Which means if I sign an e-mail, the fact I've signed it gets filtered by the receiving ISP.

      Nothing wrong with the standard itself, just a lack of support and clue by ISPs.

      --
      "How fine you look when dressed in rage."
    2. Re:Is there a future for PGP? by spellicer · · Score: 5, Interesting

      While S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do by the way), they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

      S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintances signing each other's keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CAs, cost of a certificate from a reliable CA is too high, or other factors usually centering around CAs.

      The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.

    3. Re:Is there a future for PGP? by jludwig · · Score: 3, Insightful
      It's missing what I call the "grandmother" factor. I can explain it to most technical people I encounter (but can't convince any to use it), but it's way too complex an implementation for most average users to handle - my mother or grandmother. It's not that they can't understand it, but the computer is already overwhelming and they need something that "just works(tm)". The Web of trust concept "just makes my head want to explode(tm)"

      Unfortunately I can't see a good way to make things more transparent and invisible to the end user. Most folks don't pick good passwords, yet that is absolutely essential for PGP private key security. Also, a yearly drive reformat is not uncommon, so lost keys are a huge issue. This technology partially addresses that issue but I shouldn't need to check to see if someone updated their key every message, plus there's the trust issue with a constantly rotating keyset.

      Jeff

    4. Re:Is there a future for PGP? by Ramses0 · · Score: 2, Interesting

      PGP will come, but will meet strong resistance from "important people" along the way. It's really not that hard, get AOL, Yahoo! Mail, and GMail to automatically create public/private keys, publish, store, archive, sign, etc. all your email when using their web interface.

      *YOU* don't ever need to know that the email has been encrypted, or that you even have a public/private key. You could even do something ridiculously small, like a 24 bit key or something to keep "gub'ment" happy.

      The next step is adding a button in "mail options" to upload YOUR OWN PUBLIC KEY. Yahoo! (eg) receives it, sends you a challenge, and says: "decrypt this message, type in the 8-letter token that's in there, and we'll accept and advertise your new public key as yours, and expire the old auto-generated one". If you wanted to trust yahoo with your private key, that's your own business. But even neglecting the use of personal public keys and sticking with auto-generated ones, by hitting the majors you'd have 20-30% market saturation of encrypted emails, and the infrastructure to support future uses of public/private key stuff.

      Eventually one of the majors will realize that "all identity problems go away" when there is a broadly available public/private key infrastructure.

      Imagine typing your email address into slashdot, slashdot fetches your public key [in background], issues your browser a challenge, browser decrypts challenge with private key and responds. Voilà. Passwordless logins everywhere. Who out there is listening? 80% of the infrastructure is in place already. (moz-plugin: gpg-challenge-response)?

      --Robert

    5. Re:Is there a future for PGP? by Greyfox · · Score: 2, Insightful

      If companies would sign their correspondence with a PGP key, it could eliminate (or at least significantly reduce) phishing. More so if common mail clients were to support PGP and PGP signatures better.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  5. PGP's defaults are the real problem. by nlinecomputers · · Score: 5, Insightful

    Every new PGP user has done it. Created a brand new key while learning the program and forgot the passphrase. There are hundreds of unused keys that were created and never used but can never be deleted because they don't expire.

    Had PGP's defaults been for a 1 year key instead of infinite this wouldn't be an issue.

    I always create 1 year keys but I've got a couple of keys out there over 10 years old that I FUBAR'd that'll never go away.

    --
    Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
  6. Oh great, spammer heaven by phr1 · · Score: 2, Insightful
    Fantastic, a global database of cryptographically authenticated email addresses that have been tested to reach a real person.

    We need a new key format, that doesn't have a live email address but instead has a hash of one. You'd send the address separately so it could be compared against the hash. There'd be salting to stop brute force searches. The database server could then still verify all the addresses (by sending emails out) but the actual email addresses would stay unpublished.
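
Added example, not part of the comment above and not code from PGP Corporation or any keyserver: a Python sketch of the salted-hash idea, which also bears on the earlier worry about spammers validating addresses they already know. The record layout, the function names and the choice of HMAC-SHA-256 are assumptions made for illustration; the addresses are constructed.

```python
import hashlib
import hmac
import secrets


def normalize(address):
    """Canonical form so 'Alice@Example.org ' and 'alice@example.org' agree.

    Lower-casing the whole address is an assumption of this sketch.
    """
    return address.strip().lower().encode("utf-8")


def commit(address):
    """Return (salt, digest). Only the digest would be stored in the key."""
    salt = secrets.token_bytes(16)  # fresh 128-bit random salt per address
    digest = hmac.new(salt, normalize(address), hashlib.sha256).hexdigest()
    return salt, digest


def matches(address, salt, digest):
    """Check an address that was sent separately against the stored digest."""
    candidate = hmac.new(salt, normalize(address), hashlib.sha256).hexdigest()
    return hmac.compare_digest(candidate, digest)


def confirmable(record, candidates):
    """Which candidate addresses can a reader of the directory record confirm?

    If the salt is published next to the digest, anyone holding a list of
    addresses can test each one. If the salt travels only with the address
    (hypothetical design choice), the public record confirms nothing.
    """
    salt = record.get("salt")
    if salt is None:
        return []
    return [c for c in candidates if matches(c, salt, record["digest"])]


# Constructed sample data.
SALT, DIGEST = commit("alice@example.org")
RECORD_SALT_PUBLISHED = {"digest": DIGEST, "salt": SALT}
RECORD_SALT_WITHHELD = {"digest": DIGEST}
KNOWN_ADDRESSES = ["bob@example.org", "alice@example.org"]

if __name__ == "__main__":
    # The key owner's correspondent, given address and salt, can verify.
    print(matches("Alice@Example.org", SALT, DIGEST))
    # A directory reader with a list of addresses, per record variant.
    print(confirmable(RECORD_SALT_PUBLISHED, KNOWN_ADDRESSES))
    print(confirmable(RECORD_SALT_WITHHELD, KNOWN_ADDRESSES))
```

A salt published with the digest only stops precomputed tables; keeping addresses unconfirmable requires the salt to stay out of the public record.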

  7. Encrypted Spam? by 4of12 · · Score: 3, Interesting

    So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

    Since the MTAs can't read my mail for spamminess if it is encrypted, the spam filter responsibility will be for my local email client with a set of my cached private key so it can decrypt and trash those herbal Viagra offers.

    --
    "Provided by the management for your protection."
    1. Re:Encrypted Spam? by I+confirm+I'm+not+a · · Score: 4, Insightful

      So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

      Another way of looking at it is from the "cost" of spamming - encrypting a spam "costs" the spammer, hence recent suggestions for charging mail-senders in CPU-cycles. Additionally, you'd be able to verify whether you held the spammer's public key on your keyring, and very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

      --
      This is where the serious fun begins.
    2. Re:Encrypted Spam? by Frank+T.+Lofaro+Jr. · · Score: 2, Insightful

      Spammers won't send you encrypted mail.

      It is way too computationally expensive.

      Spam programs are designed to work extremely fast, using very little CPU to send a message.

      That is why things like hashcash would work, they'd make it economically unfeasible for spammers.

      Encryption takes quite a bit of work (just less than unauthorized decryption :)

      --
      Just because it CAN be done, doesn't mean it should!
    3. Re:Encrypted Spam? by TheLoneCabbage · · Score: 2, Insightful

      Asymmetrically encrypted emails are rarely actually encrypted. They are signed, which is that I merely provide an encrypted hash of the email, to prove that whoever sent it has access to the private key.

      The keys themselves can be signed by a master key, by, oh say, PGP's new website. (This does not require the PGP website to have a copy of the private key.)

      What this means is they could give the signing service away for free to individuals, in order to create a de facto standard. But then charge legitimate bulk emailers for the privilege of their service. PGP becomes the arbiter of who is spam and who is not. In exchange they get to charge for permission to send bulk/commercial mail.

      Sounds like a good business plan.

      Of course, I'll have to RTFA once the /.'ing stops.

  8. Hell yeah... by danielrm26 · · Score: 2

    Dead keys age off the server, and you can even remove keys if you forget the passphrase.

    Thank Jesus.

    --
    dmiessler.com -- grep understanding knowledge
  9. Re:Backdoors? by rdieter · · Score: 4, Insightful

    Doesn't matter. This is a directory for public (ie, the non-private portion of) OpenPGP keys, which are/should-be publicly available anyway. Else, why use public/private pgp keys at all?

  10. First overcome laziness. by StrawberryFrog · · Score: 3, Interesting

    PGP's been around for years, and hasn't taken over. Laziness is a powerful force - self-preservation has to work hard to overcome it.

    --

    My Karma: ran over your Dogma
    StrawberryFrog

  11. If this site can be Slashdotted... by jdludlow · · Score: 2, Interesting

    ...what are the chances that it's going to hold up to millions of email clients all trying to access keys at once?

  12. Re:Backdoors? by essreenim · · Score: 2, Interesting
    I think more the latter:

    ..one of the few ways of having as close to true privacy as we can realistically get

    And please don't call it "homeland security". It's more "civil rights management" or "civil restrictions management" depending on your opinion. One thing for sure is that something which is such a popular catch phrase for counter-terrorism has no real association with the comfort of a "home" - the place you come from. In fact I find that it is those people who are most cynical and paranoid (homeless like in other words) that are throwing that slogan around like a contraceptive. At least that's how I feel in my "home" land - Ireland.

    Sorry if you think I'm trying to flame you, I am not. I'm trying to encourage you not to use that word - which has false interpretation, much like the infamous DRM acronym...

  13. Centralization by hey · · Score: 2, Interesting

    The nice thing about PGP/GPG is that it is decentralized! You don't need to obtain a "certificate" from any big-bad central authority.
    But now this move centralizes things - yuck.
    If you want to send PGP mail to/from a friend,
    just mail public keys to each other.

  14. Re:Backdoors? by JimDabell · · Score: 5, Insightful

    Are there backdoors?

    It doesn't matter. Keyservers are merely a method of distributing keys, not establishing trust. You can establish trust by a number of methods, such as manually verifying the fingerprint with the person yourself using a trusted medium (e.g. face to face) or having somebody you trust sign the key (after verifying their key, of course).

    The real danger to public key cryptography taking off is that it will become commonplace to simply trust keys without verifying them. Everyone will feel more secure, but the security will be an illusion.

  15. Re:Centralization ?? by jimbro2k · · Score: 2, Insightful

    Good point, but this just provides a central option. You can still do a private(?) exchange of public keys with your friends & not friends, or do both.

    --
    There is not nearly enough love in the world, but there is far too much trust.
  16. Can a central repository bring security? by cesarbremer · · Score: 4, Insightful

    A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send an encrypted message is really the correct public key? I don't know a better solution than having a lot of servers in different countries, under different governments' controls and laws, and when the user does a search, he can do the search in a lot of servers. How about having servers in USA, China, France, Germany, China, Finland, North Korea......, and the user can search the user public key in all these databases? When storing the public keys, why not the user store his keys in these distributed servers? Can you really believe that storing your keys under one company control can bring security?

    1. Re:Can a central repository bring security? by Just+Some+Guy · · Score: 4, Informative
      if the central repository is located in USA and the FBI want to do a man-in-the-middle attack?

      Not unless you're amazingly trusting of the repository. Read up on the "web of trust" and how to personally verify the keys you're using to send messages.

      For example, my pubkey has been signed by several friends, and I have signed their pubkeys in kind. If I get a signed email from Charlie (whom I don't know), but his pubkey has been signed by Bob (whom I do know) using his key that I myself signed, then there is a direct path of trust between Charlie and me. If I believe that Bob is an honest guy who wouldn't have signed Charlie's key without personally verifying his identity, then I have cause to trust that key.

      It's hard to explain the web of trust without making it sound more complicated than it really is. It's somewhat analogous to a friend introducing you to a person you've never met before. If your friend is very gullible, then you won't put much confidence in the ID of the person they're introducing. If your friend is, say, a loan officer who just spent the last month vetting the new person's identity, then you can be reasonably sure that they're giving you accurate information about that person.

      Which brings us back to your question. If you're corresponding with a new contact with no trust pathway to that person, then you have exactly zero reason to believe in their identity simply because they were able to download GnuPG and create a new key. However, if that new person's key was signed by Alice, whose key was signed by Charlie, whose key was signed by Bob, whose key was signed by you, then you have at least some reason to think they're who they say they are.

      There is no real concept of blindly trusting a new person in real life. GnuPG does not magically change this.

      --
      Dewey, what part of this looks like authorities should be involved?
    2. Re:Can a central repository bring security? by Artifakt · · Score: 3, Informative

      Your explanation for the web of trust is cogent, well grounded in reality and still manages to capture the essentials of the process. Nicely done, Sir! One nitpick, however:

      In Alice and Bob explanations, the C party is usually Carol.

      Here's a wiki entry that discusses real life as it applies to cryptography. Its arguments parallel and support some of yours nicely, while also explaining Carol, Dave, and the others.

      http://en.wikipedia.org/wiki/Alice_and_Bob/

      --
      Who is John Cabal?
  17. A Big Step... by shaneh0 · · Score: 3, Insightful

    Perceived Value is very closely tied to perceived scarcity. As people begin to *realize* that their privacy is as scarce as it actually is, people will begin to value their privacy ergo encryption.

    Feeding that will be dirt simple encryption applications that make it so EASY to encrypt and decrypt that you might as well do it. (Like, for example, the application I'm finishing right now but refuse to plug until it's released)

    The biggest problem now is that if a developer wants to include Public Key encryption abilities in his app he has to create an entire key management system and force users to gather the keys of all their contacts manually because there's just no other way. How many users are going to do that for a program that they only kinda think they need?

    If you want the answer to that question, look at the percentage of users who currently encrypt any large part of their communication (SSL excluded?)

  18. OpenPGP set to become global standard by Mstrgeek · · Score: 3, Informative
    Well done write-up on this topic

    http://www.itweek.co.uk/news/1118258

    --
    Chris Williams clw7500nc@gmail.com
  19. One word by lildogie · · Score: 2, Insightful

    > Is there any way to actually prove that a message is encrypted,
    > as opposed to being just random garbage data that two people
    > happened to mail to each other?

    Torture.

  20. Re:OpenLDAP keyserver? by weaselp · · Score: 2, Informative
    --
    Weasel
  21. Re:out the window by Frank+T.+Lofaro+Jr. · · Score: 2, Funny

    Perhaps Homeland Security thought the PGP keyserver was a threat and had an article about it posted to Slashdot. If so, it apparently worked. :)

    Now where is my tinfoil hat?

    --
    Just because it CAN be done, doesn't mean it should!
  22. This presents problems with the trust path. by molo · · Score: 4, Interesting

    Dropping keys from the keyring presents problems with the trust path. For example, A signs B's key. B signs C's key. A now has a trust path to C. If B is dropped from the keyring, no new users can authenticate that trust path. With the current scheme, if N signs A's key, N would now have a trust path to C. With the new scheme, the link to B and C is broken because he can't retrieve B's key.

    Having an email address expire is not a reason to no longer trust a key.

    -molo

    --
    Using your sig line to advertise for friends is lame.
  23. who needs keys... by hey · · Score: 2, Funny

    ... just use fake PGP

  24. Re:Backdoors? by JimDabell · · Score: 2, Insightful

    It matters a lot if, let's say, you encrypt a sensitive email with a fake public key not belonging to the person you think it is.

    No, it doesn't matter in the slightest how you got the key. PGP operates under the assumption that it's not practical to always use a trusted medium to exchange keys. It doesn't trust keys by default.

    PGP uses the concept of a "web of trust" to decide whether you should trust a key or not. If you can securely verify the legitimacy of a public key, then you can sign it, so that people who trust your judgement can also trust the key. In reverse, you can trust keys that people you trust have signed.

    How the keys are transferred is completely irrelevant to this mechanism. You could download a public key from Gnutella or Usenet, and as long as it's been signed by somebody you trust, or you can verify the fingerprint over a secure medium, it's trustable.

    So, your scenario would play out as follows:

    1. Download "trojan" public key.
    2. Not signed by somebody you trust? Throw the key away.
    3. Signed by somebody you trust, but the signature is invalid? Throw the key away.
    4. Signed by somebody you trust, and the signature is valid? The key is trustworthy.

    The balance between how practical and how secure your web of trust is depends on how much trust you place in others. It doesn't depend on the medium you transfer keys under in the slightest. That is why it doesn't matter if there are backdoors in the keyserver. No amount of tampering with it could make the web of trust any less secure.

    If you think about your line of reasoning, if what you said were true, PGP would be pretty damn insecure to begin with, as you'd necessarily be trusting an external entity (the PGP keyserver admins) with all your communications.
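
Added example, not part of any comment in this thread and not PGP or GnuPG code: a toy Python model of the trust-path check described in the comments above, run against molo's N, A, B, C scenario and the swapped-key case. The `Key` record and `trust_path` function are hypothetical names; a certification is modelled as the signer's name bound to a SHA-256 fingerprint of the key material and is assumed to be unforgeable, standing in for a real OpenPGP signature.

```python
import hashlib
from collections import deque
from dataclasses import dataclass, field


def fingerprint(material):
    """Short fingerprint of the key material (toy stand-in)."""
    return hashlib.sha256(material).hexdigest()[:16]


@dataclass
class Key:
    owner: str
    material: bytes
    # signer name -> fingerprint that signer certified. Assumed unforgeable;
    # a real implementation verifies a signature with the signer's public key.
    certs: dict = field(default_factory=dict)


def certify(signer, subject):
    """Record that `signer` vouches for exactly this key material."""
    subject.certs[signer] = fingerprint(subject.material)


def trust_path(server, trusted, target, max_depth=5):
    """Walk certifications backwards from `target` to a locally trusted key.

    server  : dict owner -> Key, i.e. what the keyserver is willing to return
    trusted : set of owners whose keys I hold and verified myself
    Returns the chain of owners, or None when no verifiable chain exists.
    """
    if target in trusted:
        return [target]
    queue = deque([[target]])
    seen = {target}
    while queue:
        path = queue.popleft()
        key = server.get(path[0])
        if key is None:
            continue  # key was dropped: its certifications cannot be checked
        for signer, certified_fp in key.certs.items():
            if certified_fp != fingerprint(key.material):
                continue  # certification does not cover the material served
            if signer in trusted:
                return [signer] + path
            if signer not in seen and len(path) < max_depth:
                seen.add(signer)
                queue.append([signer] + path)
    return None


def build_server():
    """Constructed scenario: N signs A, A signs B, B signs C."""
    a, b, c = Key("A", b"key-A"), Key("B", b"key-B"), Key("C", b"key-C")
    certify("N", a)
    certify("A", b)
    certify("B", c)
    return {"A": a, "B": b, "C": c}


def scenario_results():
    intact = trust_path(build_server(), {"N"}, "C")

    dropped = build_server()
    del dropped["B"]  # B aged off the directory
    after_drop = trust_path(dropped, {"N"}, "C")

    tampered = build_server()
    old = tampered["C"]
    tampered["C"] = Key("C", b"substituted-material", dict(old.certs))
    after_swap = trust_path(tampered, {"N"}, "C")
    return intact, after_drop, after_swap


if __name__ == "__main__":
    print(scenario_results())
```

In this model a substituted key fails closed, while a dropped intermediate key costs availability of the path rather than letting a wrong key through.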

  25. Re:..future for PGP? YES! Here's moreResources!?!? by QuietRiot · · Score: 3, Informative

    DROP TEXT :: Email People

    (Sent this a few days ago to my ISP and family members - thought it might be useful to some /.ers or otherwise... Forward At Will )

    =Cy

    :: E M A I L ::

    Do consider Thunderbird

    http://www.mozilla.com/products/thunderbird/
    http://www.mozilla.com/products/thunderbird/why/

    for both yourself and your clients. It's really a wonderful product
    and has spam handling built right in. Unlike Outlook(TM) it is open
    about where it keeps your email (not hidden and difficult to export)
    and is not so susceptible to worms and email nastiness such as scripts
    that run without hindrance. Many a spyware app has been installed
    further contributing to the spam problem due to people running just
    that piece of software. Don't help the spammers. Reclaim your inbox.

    It supports Enigmail: ( email envelopes you don't have to lick! )

    http://enigmail.mozdev.org/
    http://www.moztips.com/index.php?id=87
    http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.php

    I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
    secure mail. I've got nothing to hide, but I don't like using
    postcards for all my USPS correspondence either. Regular email is
    like using postcards on the internet. Any postal worker along the way
    can take a look ( have a look at email "headers" sometime; every hop
    you see is a place where your email is stored on a hard drive. )
    Please use an envelope when communicating with me. Won't even cost
    you a stamp. I value your privacy as much as I hope you value mine.

    Privacy tool for Windows: (supports Eudora, Outlook, Clipboard)
    http://winpt.sf.net

    There's no need to keep my public key a secret. Feel free to give
    it away or put it on a telephone pole; write it in the sky if you'd
    like. It's available on the web. The more people that have it the
    better. Use it to seal your envelopes when sending me mail. I've got
    the only other matching key (my private key, opposite the public key
    I've given to you) that allows me to unlock the envelope. You can
    even lock an envelope so that multiple people can unlock it on their
    own, but nobody else can read what you've sent them.

    You can also find keys for me here:

    http://www.biglumber.com

    Please try it out. Be glad to help you get started.

    :: W E B ::
    If you haven't heard of the Firefox web browser yet

    http://www.mozilla.org/products/firefox/

    download it and check it out. Then look into the Extensions under
    tools. Fast, far more secure than IE and extremely standards
    compliant. Lots of tricks up its sleeve in the way of Extensions,
    themes, etc. Introducing this to your clients might be worthwhile as
    well. The less spam and junk they've got clogging up their machines,
    the less you'll pay for bandwidth, etc. Worth a look.

    Thunderbird will import from Outlook. They just had a major release.
    Even though this is version 1.0 it's not like a "typical" 1.0 release.
    In the opensource world projects often start out with very low version
    numbers. It's not uncommon to see something like v0.3.22 for very
    usable and extremely bug free pieces of software.

    Anyway it's really nice - though it doesn't have the calendar and palm
    integration. That you'll need to weigh. Mom however doesn't need to
    be on outlook....

    =====[ http://www.mozilla.org/products/thunderbird/releases/ ] =======

    Comprehensive Mail Migration from other Mail Clients

    Switching to Thunderbird has never been easier since Thunderbird can
    now migrate all of your email data including settings, mail folders

  26. Re:What unshared features? by Gemini · · Score: 2, Informative

    Can someone explain what these Gnu/PG features that aren't in PGP are, and what they have to do with the key database?

    Little stuff that can be annoying if you suddenly are incompatible. OpenPGP allows multiple photo IDs per key, and PGP only allows one. OpenPGP allows subkeys that can make signatures or encrypt, and PGP only allows subkeys that can encrypt. Stuff like that.

    These things are part of keys, and if the keyserver is written to assume PGP-generated keys, it might not support them.