[Pkg-gnupg-maint] Bug#519333: gnupg: Please include support for encrypted keyserver queries [PATCH]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Mar 20 19:42:19 UTC 2009
On 03/20/2009 02:58 PM, Florian Weimer wrote:
> I have nothing against encrypting queries, but you should also keep in
> mind that you have no reason whatsoever to trust key server operators.
I agree that there is no reason whatsoever to trust any arbitrary key
server operator to keep your queries private, or to avoid logging them,
or even to produce all the relevant known data associated with a
particular query. However, there are specific key server operators who
i *do* trust to do these things whose key servers are connected to the
global network.
I'd prefer to be able to use an encrypted channel to these particular
machines, which i have reason to believe will not betray that trust.
Note that this trust does not extend to the question of keyservers
deliberately fabricating *bad* information. My OpenPGP client should be
able to cryptographically verify whether any information retrieved from
a keyserver is valid, whether i trust the keyserver or not.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20090320/bc3db518/attachment.pgp
More information about the Pkg-gnupg-maint
mailing list