New Global Directory of OpenPGP Keys

Gemini writes "The PGP company just announced a new type of keyserver for all your OpenPGP keys. This server verifies (via mailback verification, like mailing lists) that the email address on the key actually reaches someone. Dead keys age off the server, and you can even remove keys if you forget the passphrase. In a classy move, they've included support for those parts of the OpenPGP standard that PGP doesn't use, but GnuPG does."

FPCP

[nahdude812]

FPCP (First Privacy Complaint Post):

Won't a database of verified emails be, y'know, abusable? What about spammers who want to harvest from this? If they can't directly harvest, they could certainly validate email addresses they know about, and know they were getting people on email addresses that they care about.

Re:FPCP

Yup... spammers are already harvesting email addresses from PGP keyservers. I had an address on my key that I never ended up actually using for anything, yet I suddenly started getting spam to it. Ditto for another address that I only used with close friends and family but was also a userid on my key.

The combination of this and (nigerian) spammers that actually respond to my challenge-response authentication is getting me very pissed off about spammers. :)

Re:FPCP

[TheUnFounded]

From the FAQ:

Will I get spam if I use the PGP Global Directory?
No. Searches of the PGP Global Directory are limited to one (1) response, thus making gathering email addresses from the PGP Global Directory one of the least-effective ways of harvesting email addresses for spammers.

whitelists?

[essreenim]

Sounds like a good way to make a global whitelist!
Allow incomming mail only from such valid e-mail accounts that are using the service. Could be useful for spam. Or will spam endure as it always has done... ;/

Is there a future for PGP?

[Albanach]

Like lots of people, I've used PGP for years, but it has never taken off like it should have. I wonder if it really has a future.

Companies can secure their internal email by deploying SSL on their mailservers and enforcing its use. For email outside the company surely S/MIME has captured the market. It's built into most email software, and companies are offering free certificates.

With PGP seeming more complex and requiring a seperate install, what role does it have for today's SMEs?

Re:Is there a future for PGP?

[spellicer]

S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do by the way), they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintences sign each others keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CA's, cost of a certificate from a reliable CA is too high, or other factors usually centering around CA's.

The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.

PGP's defaults are the real problem.

[nlinecomputers]

Every PGP new user has done it. Created a brand new key while learning the program and forgot the passphrase. There are hundreds of unused keys that was created and never used but can never be deleted because they don't expire.

Had PGP's defaults been for a 1 year key instead of infinite this wouldn't be an issue.

I always create 1 year keys but I've got a couple of key out there over 10 years old that I FUBAR'd that'll never go away.

Re:Widespread Crypto Revolution?

[Luigi30]

Yes... until some government makes encryption illegal because it evades wiretaps (they're trying, believe me...).

Re:Backdoors?

[rdieter]

Doesn't matter. This is a directory for public (ie, the non-private portion of) OpenPGP keys, which are/should-be publically available anyway. Else, why use public/private pgp keys at all?

Re:Backdoors?

[JimDabell]

Are there backdoors?

It doesn't matter. Keyservers are merely a method of distributing keys, not establishing trust. You can establish trust by a number of methods, such as manually verifying the fingerprint with the person yourself using a trusted medium (e.g. face to face) or having somebody you trust sign the key (after verifying their key, of course).

The real danger to public key cryptography taking off is that it will become commonplace to simply trust keys without verifying them. Everyone will feel more secure, but the security will be an illusion.

Can a central repository bring security?

[cesarbremer]

A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send a encrypted message is realy the correct public key? I don't know better solution than having a lot of servers in different countries, under different governments controls and laws, and when the user do a search, he can do the search in a lot of servers. How about having servers in USA, China, France, Germany, China, Finland, North Corea......, and the user can search the user public key in all these databases? When storing the public keys, why not the user store his keys in these distributed servers? Can you really believe that storing your keys under one company control can bring security?

Re:Can a central repository bring security?

[Just+Some+Guy]

if the central repository is located in USA and the FBI want to do a man-in-the-middle attack?

Not unless you're amazingly trusting of the repository. Read up on the "web of trust" and how to personally verify the keys you're using to send messages.

For example, my pubkey has been signed by several friends, and I have signed their pubkeys in kind. If I get a signed email from Charlie (whom I don't know), but his pubkey has been signed by Bob (whom I do know) using his key that I myself signed, then there is a direct path of trust between Charlie and me. If I believe that Bob is an honest guy who wouldn't have signed Charlie's key without personally verifying his identity, then I have cause to that key.

It's hard to explain the web of trust without making it sound more complicated than it really is. It's somewhat analogous to a friend introducing you to a person you've never met before. If your friend is very gullible, then you won't put much confidence in the ID of the person they're introducing. If your friend is, say, a loan officer who just spent the last month vetting the new person's identity, then you can be reasonably sure that they're giving you accurate information about that person.

Which brings us back to your question. If you're corresponding with a new contact with no trust pathway to that person, then you have exactly zero reason to believe in their identity simply because they were able to download GnuGP and create a new key. However, if that new person's key was signed by Alice, whose key was signed by Charlie, whose key was signed by Bob, whose key was signed by you, then you have at least some reason to think they're who they say they are.

There is no real concept of blindly trusting a new person in real life. GnuPG does not magically change this.

Re:Encrypted Spam?

[I+confirm+I'm+not+a]

So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

Another way of looking at it is from the "cost" of spamming - encrypting a spam "costs" the spammer, hence recent suggestions for charging mail-senders in CPU-cycles. Additionally, you'd be able to verify whether you held the spammer's public key on your keyring, and very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

Re:Widespread Crypto Revolution?

[Frank+T.+Lofaro+Jr.]

Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba. :)

This presents problems with the trust path.

[molo]

Dropping keys from the keyring presents problems with the trust path. For example, A signs B's key. B signs C's key. A now has a trust path to C. If B is dropped from the keyring, no new users can authenticate that trust path. With the current scheme, if N signs A's key, N would now have a trust path to C. With the new scheme, the link to B and C is broken because he can't retrieve B's key.

Having an email address expire is not a reason to no longer trust a key.

-molo