[Pkg-gnupg-maint] Bug#519333: gnupg: Please include support for encrypted keyserver queries [PATCH]

Werner Koch wk at gnupg.org
Mon Mar 23 15:32:58 UTC 2009


On Mon, 23 Mar 2009 15:17, dkg at fifthhorseman.net said:

> certificate retrieval via cleartext HKP over tor does not:
>
>  * assure me that the host i'm connecting to is in fact the keyserver
> which i trust to return reasonable information, or

Who cares?  You don't have any control over the keyservers and what ends
up on the servers.  Nor can the keyservers control this.

>  * assure me that data has not been tampered with in transit between the
> tor exit node and the keyserver, or

OpenPGP keys are self-contained.  Thus this is not an issue.

>  * hide my queries from a snoop on the same network segment as the
> keyserver or anywhere between the tor exit node and the keyserver.

See my comment on gnupg-devel; given enough traffic to the keyservers,
optionally with filler queries, it is not worse than with any other use of
tor.  Or in short: What is your threat model?

> My particular collection of OpenPGP certificates (certs whose updates
> would be fetched en masse during something like "gpg --refresh-keys")
> probably represents a rare enough subset of the global keyspace to be
> identifiable as me to a sufficiently motivated attacker.

I see a conflict here: You want strong anonymity but you rely on public
key servers, not under your control, to do the right thing.  Anyway,
revocation certificates don't really work.  It is too easy to corrupt
data on keyservers.

You should resort to a different mechanism for key retrieval than the
ad-hoc network of public keyservers.

> While tor is certainly a good option to obscure where i'm connecting
> *from* (something which hkps does not achieve), it does not meet the
> same goals as a TLS-wrapped connection to a keyserver.

I don't think that this bug tracker is the right media to discuss such
stuff.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.