[Freedombox-discuss] the FreedomBox 'bump' challenge
bertagaz at ptitcanardnoir.org
bertagaz at ptitcanardnoir.org
Wed Jun 15 14:37:18 UTC 2011
On Wed, Jun 15, 2011 at 10:01:52AM +0100, Lars Wirzenius wrote:
> On Tue, Jun 14, 2011 at 07:36:18PM -0400, Daniel Kahn Gillmor wrote:
> > Of course, the fingerprint plus a URL would allow the recipient to
> > verify that it got the correct key.
>
> That's what I meant.
>
> Having to rely on keyservers is a bit unfortunate, since they are a
> centralized service, and therefore easily blockable. Further, having
> to publish one's contacts via key signatures to everyone has some
> privacy implications that may be unfortunate.
Not that centralized actually if you use the sks keyserver pool [1] which
is a round robin of several keyservers keeping their keyring
synchronized.
> At some point it may be good to think about those, for FreedomBox
> in particular, but it's not a problem that's urgent to solve for
> now.
I has this thoughts too, and was considering that maybe the freedombox
might have the ability to run a keyserver on some of them. Like if
some people wants to setup a sort of private community but still want to
use gnupg as the underlying trust mechanism, they might decide that one of
them should run such a keyserver and every people involved in the
community would setup this keyserver as the default one for their identity
related to this community. Being a private one, they would decide not to
synchronize with the global keyservers pool. They might even synchronize
privately several keyservers run by members.
Should be easy as sks is shipped into Debian. :)
[1] http://sks-keyservers.net/
bert.
More information about the Freedombox-discuss
mailing list