Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Encryption Security Privacy

New Global Directory of OpenPGP Keys 234

Posted by michael
from the how-may-i-direct-your-call dept.
Gemini writes "The PGP company just announced a new type of keyserver for all your OpenPGP keys. This server verifies (via mailback verification, like mailing lists) that the email address on the key actually reaches someone. Dead keys age off the server, and you can even remove keys if you forget the passphrase. In a classy move, they've included support for those parts of the OpenPGP standard that PGP doesn't use, but GnuPG does."
This discussion has been archived. No new comments can be posted.

New Global Directory of OpenPGP Keys

Comments Filter:
  • by c0dedude (587568) on Thursday December 09, 2004 @10:53AM (#11042501)
    With the minor computational cost of crpto and the avalability of public keys, will all network traffic move toward crypography?
    • by Luigi30 (656867) on Thursday December 09, 2004 @10:58AM (#11042541)
      Yes... until some government makes encryption illegal because it evades wiretaps (they're trying, believe me...).
      • by jdludlow (316515) on Thursday December 09, 2004 @11:20AM (#11042768)

        Is there any way to acutally prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?

        I realize that the chances of a judge buying this is going to be small, but is there a defense there? Wouldn't someone have to be able to produce the plaintext first, before they could claim that you were trying to send encrypted messages?

        • I realize that the chances of a judge buying this [suspected encrypted data is "really" random garbage] is going to be small

          Not if you can prove that you frequently send out random, garbage, data. It'll have the nice side-effect of making traffic analysis harder, too.

          ...but you didn't hear that from me, right?!

        • pgp messages tend to start with "------BEGIN PGP ENCRYPTED MESSAGE-----" or something similar, or else are encrypted files with the .pgp extension and well known magic numbers at the start. Now ok this is not 100% proof, but it's certainly the balance of probabilities, and might well suffice for beyond reasonable doubt.
          • That's just a convenience for the software though. You aren't required to send the "---BEGIN PGP ENCRYPTED MESSAGE---" part if you don't want to. As long as your recipient still knows what to do with the message you can communicate.
        • Well, then they'll make sending random data illegal as well.

          However you could take your encrypted data and hide it in non-encrypted data (steganography). After all, they will first have to find out that all your holiday pictures are not really sent for sharing them, but actually in order to hide some encrypted messages inside.
        • In places where the attempt is made to appear to be a free society (like USA, Canada, EU) sure you might be able to try that, but if you're in China or someplace like that you'd be risking a bullet in the back of your head.

          For a places like that, we'll need steganography so that people can securely transmit data while pretending to do nothing out of the ordinary.

          LK
        • All they have to do is impound your pc. Then they will find that you have PGP installed... a violation.

          The suspicious traffic will be enough to get the warrant...

          Once it becomes illegal, we are screwed...
          • How big is PGP? Could it fit on a floppy? Could said floppy be destroyed? How about a passcode you have to enter, and if you enter it wrong it'll burn anything naughty on your system.

            The government will soon realize that we are smarter, faster, and more adaptable that it can every hope to be. Then it will have us hunted down and shot.

            • Well if your mad enough, you could (probably I haven't tried it) use Knoppix/Kanotix or a similar livecd (stock so the presence of the tools suggests nothing) and store your key and sensitive information on a encrypted loopback fs. You could even put extra encryption/stenographic software inside the loopback fs using something like klik. The only problem is that somewhere unecrypted has to be your code to "destroy the loopback fs if the wrong password is entered" and I can't see that becoming too common
        • One word (Score:3, Insightful)

          by lildogie (54998)
          > Is there any way to acutally prove that a message is encrypted,
          > as opposed to being just random garbage data that two people
          > happened to mail to each other?

          Torture.
        • The better the encryption, the less it will be discernible from random data. (Same with compression, BTW. It's all about entropy.)
    • by StrawberryFrog (67065) on Thursday December 09, 2004 @11:07AM (#11042625) Homepage Journal
      PGP's been around for years, and hasn't taken over. Layness is a powerfull force - self-preservation has to work hard to overcome it.
      • As your typo proves, the strongest force in human communication is "it works anyway". Until there's a critical mass of people with whom other people need to use encryption to communicate, we'll be stuck with the problems of postcards and undefined trust.
    • by Frank T. Lofaro Jr. (142215) on Thursday December 09, 2004 @11:52AM (#11043113) Homepage
      Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba. :)
      • Ok, so I realise that at least 70% of the /. users will figure this out... so this is in part for the other 30%, and in part because I'm just being stupid. Using a bit of cut&paste with the tr command, I un-rot13'd this:

        $ echo "Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba" | tr n-za-mN-ZA-M a-zA-Z
        No, I don't think cryptography will ever catch on

        Stupid me ... I thought that tr was telling me something - took a second glance to realise that it was the un-rot13'd message...

      • Lbh pbhyq unir fbzrguvat gurer. Uez....
  • FPCP (Score:5, Interesting)

    by nahdude812 (88157) on Thursday December 09, 2004 @10:55AM (#11042514) Homepage
    FPCP (First Privacy Complaint Post):

    Won't a database of verified emails be, y'know, abusable? What about spammers who want to harvest from this? If they can't directly harvest, they could certainly validate email addresses they know about, and know they were getting people on email addresses that they care about.
    • Like they can't already do that with the old keyservers? Most keys should resolve to a valid email address, No?
    • Re:FPCP (Score:4, Informative)

      by Anonymous Coward on Thursday December 09, 2004 @11:00AM (#11042559)
      Yup... spammers are already harvesting email addresses from PGP keyservers. I had an address on my key that I never ended up actually using for anything, yet I suddenly started getting spam to it. Ditto for another address that I only used with close friends and family but was also a userid on my key.

      The combination of this and (nigerian) spammers that actually respond to my challenge-response authentication is getting me very pissed off about spammers. :)
      • Re:FPCP (Score:2, Interesting)

        by farnz (625056)
        After getting hit by a spammer using my work address as his From address, then getting deluged (a few thousand) by C-R challenges, I started just replying to challenges whether or not I sent you an e-mail.

        By and large, whenever I send e-mail out of the company, I'm authorised to spend money. If you blacklist me for replying to your challenges, and later I can't get hold of you to offer you money, that's not my problem, it's yours.

    • Re:FPCP (Score:3, Interesting)

      Won't a database of verified emails be, y'know, abusable?

      I've wondered about this in the past, but - and naturally I don't have a link to hand ;) - apparently key-lists haven't - to date - been abused by spammers. My guess would be that spammers see users of PGP/GPG as (a) technically advanced, and hence more likely to have spam-filters/spam-retaliation protocols in place, and (b) likely to only use published emails for encryption. Either that or PGP/GPG whooshed passed spammers' heads with no comprehe

    • by Gemini (32631)
      What about spammers who want to harvest from this?

      It's not a good harvesting target. You can only get *one* email address per search. If I were a spammer, I'd go somewhere that gives me more for less effort.

      Still, even the old keyservers where you can get many addresses per search seem to be ignored by spammers. Even they are not rich enough of a target.
    • Re:FPCP (Score:5, Informative)

      by TheUnFounded (731123) on Thursday December 09, 2004 @11:34AM (#11042921)
      From the FAQ:

      Will I get spam if I use the PGP Global Directory?
      No. Searches of the PGP Global Directory are limited to one (1) response, thus making gathering email addresses from the PGP Global Directory one of the least-effective ways of harvesting email addresses for spammers.
      • Re:FPCP (Score:3, Interesting)

        whatever.

        Since I upgraded my mailserver to SpamAssassin 3.x I don't even bother with dummy mail accounts anymore. Spam just don't bother me anymore :)

  • by Albanach (527650) on Thursday December 09, 2004 @10:56AM (#11042523) Homepage
    Like lots of people, I've used PGP for years, but it has never taken off like it should have. I wonder if it really has a future.

    Companies can secure their internal email by deploying SSL on their mailservers and enforcing its use. For email outside the company surely S/MIME has captured the market. It's built into most email software, and companies are offering free certificates.

    With PGP seeming more complex and requiring a seperate install, what role does it have for today's SMEs?

    • There is a problem with this though. Several ISPs, for good and legitimate reasons (spam and virii) don't allow certain types of e-mail attachment. Which means if I sign an e-mail, the fact I've signed it gets filtered by the receiving ISP.

      Nothing wrong with the standard itself, just a lack of support and clue by ISPs.
    • by spellicer (146331) on Thursday December 09, 2004 @11:13AM (#11042678) Homepage
      S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do by the way), they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

      S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintences sign each others keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CA's, cost of a certificate from a reliable CA is too high, or other factors usually centering around CA's.

      The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.
    • Its missing what I call the "grandmother" factor. I can explain it to most technical people I encounter (but can't convince any to use it), but its way too complex an implementation for most average users to handle - my mother or grandmother. Its not that they can't understand it, but the computer is already overwhelming and they need something that "just works(tm)". The Web of trust concept "just makes my head want to explode(tm)"

      Unfortunately I can't see a good way to make things more transparent and i

      • Know what I did for my grandfolks? We got them an imac a while back. We upgraded it and got OS X on it. It's not a lightning fast machine but it's a killer email and casual browsing machine. Put Thunderbird and enigmail on it and then made them a pgp key sans passphrase (yeah, yeah yeah, I know)

        They sign all messages by default and then via enigmail we set up some rules and they always encrypt to me and the parts of the family that have been converted. They didn't even know they were doing it at

      • PGP will come, but will meet strong resistance from "important people" along the way. It's really not that hard, get AOL, Yahoo! Mail, and GMail to automatically create public/private keys, publish, store, archive, sign, etc. all your email when using their web interface.

        *YOU* don't ever need to know that the email has been encrypted, or that you even have a public/private key. You could even do something ridiculously small, like a 24 bit key or something to keep "gub'ment" happy.

        The next step is adding
    • I think PGP has a future.

      In the couple years PGP/GnuPG have become much simpler to set up, especially on windows. Thunderbird/Enigmail works great on many platforms. On linux KMail and kgpg also just works.
    • It comes down to a matter of trust. Personally I don't trust my ISPs mail servers, nor do I trust some of the admins (not that I think they are malicious, just they they make mistakes)

      Also, PGP is not just about encryption but about message authentication. S/MIME can't give you that.
    • For email outside the company surely S/MIME has captured the market.

      Has it?

      I've never seen an S/MIME message, or ever felt the need to make one, or get a key, or anything. In most of the (admittedly geeky) places where it's common to sign message, it's always been GPG. The company I work for uses GPG to communicate with customers, and the customers have never suggested using S/MIME instead. As far as I've seen, GPG (and PGP) rule.

      Where is S/MIME actually used?

    • If companies would sign their corrispondance with a PGP key, it could eliminate (Or at least siginificantly reduce) phishing. More so if common mail clients were to support PGP and PGP signatures better.
  • by nlinecomputers (602059) on Thursday December 09, 2004 @10:57AM (#11042532)
    Every PGP new user has done it. Created a brand new key while learning the program and forgot the passphrase. There are hundreds of unused keys that was created and never used but can never be deleted because they don't expire.

    Had PGP's defaults been for a 1 year key instead of infinite this wouldn't be an issue.

    I always create 1 year keys but I've got a couple of key out there over 10 years old that I FUBAR'd that'll never go away.
  • by phr1 (211689)
    Fantastic, a global database of cryptographically authenticated email addresses that have been tested to reach a real person.

    We need a new key format, that doesn't have a live email address but instead has a hash of one. You'd send the address separately so it could be compared against the hash. There'd be salting to stop brute force searches. The database server could then still verify all the addresses (by sending emails out) but the actual email addresses would stay unpublished.

    • I don't think that the email addresses has to be valid, or even present. The person signing a key only has to be sure of who the key belongs to.
    • The database server could then still verify all the addresses (by sending emails out) but the actual email addresses would stay unpublished.

      As others have pointed out, a keyserver isn't a directory of e-mail addresses and keys. You can't hop onto the site and somehow "browse" through the keys. The search function returns 1 positive match per search. IOW, you would need to know about the address before you could find it. "Brute searching" would be a fruitless waste of time and money for a spammer.
  • Encrypted Spam? (Score:4, Interesting)

    by 4of12 (97621) on Thursday December 09, 2004 @11:06AM (#11042613) Homepage Journal

    So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

    Since the MTA's can't read my mail for spamminess if it is encrypted, the spam filter responsibility will be for my local email client with a set of my cached private key so it can decrypt and trash those herbal viagara offers.

    • Re:Encrypted Spam? (Score:5, Insightful)

      by I confirm I'm not a (720413) on Thursday December 09, 2004 @11:33AM (#11042902) Journal

      So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

      Another way of looking at it is from the "cost" of spamming - encrypting a spam "costs" the spammer, hence recent suggestions for charging mail-senders in CPU-cycles. Additionally, you'd be able to verify whether you held the spammer's public key on your keyring, and very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

      • very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

        But doesn't that kind of go against the whole point of a public keyserver (people not on your keyring can look up your key)????
        • But doesn't that kind of go against the whole point of a public keyserver (people not on your keyring can look up your key)????

          I think the rationale is that keys "go dead" (elsewhere in this thread someone mentioned that "everyone" creates a key when they're first getting into PGP, and then forgets the passphrase. Naturally, this leads to keys of limited or zero value published on the keyservers.

          ...and, of course, people will still be able to look up your key - if you keep it up-to-date.

        • Well, you could just delete all unsigned mail, and then have a 3rd-party database of bad email signers (similar to current IP-based spam databases).

          If spammers had to sign their mail with a key published in a directory, it would greatly diminish their ability to camoflage the sender.

          Plus, the keyserver could only allow a limited number of key submissions per day from a given IP - so the spammer needs a bunch of IP addresses to send mail from more than a few addresses per day.

          Plus the spammer has to do ex
    • Spammers won't sent you encrypted mail.

      It is way too computationally expensive.

      Spam programs are designed to work extremely fast, using very little CPU to send a message.

      That is why things like hashcash [hashcash.org] would work, they'd make it economically unfeasible for spammers.

      Encryption takes quite a bit of work (just less than unauthorized decryption :)
    • Asymetricly encrypted emails are rarely actually encrypted. They are signed. which is that I mearly provide an encrypted hash of the email, to prove that whoever sent it, has access to the private key.

      The keys themselves can be signed by a master key, by o' say PGP's new website. (this does not require the PGP website to have a copy of the private key)

      What this meens is they could give the signing service away for free to individuals, in order to create a defacto standard. But then charge legitimate bulk
  • by danielrm26 (567852) * on Thursday December 09, 2004 @11:06AM (#11042614) Homepage
    Dead keys age off the server, and you can even remove keys if you forget the passphrase.

    Thank Jesus.
  • by jdludlow (316515) on Thursday December 09, 2004 @11:07AM (#11042630)
    ...what are the chances that it's going to hold up to millions of email clients all trying to access keys at once?

    • Extremely good, especially since:
      1. GnuPG caches keys in its local keyring, so you'll only have to retrieve foo@example.com's key one time.
      2. pgp.com seems to have good connectivity.
      3. They are hardly the only public keyserver currently in operation. Other servers cope with the load just fine, so it's probably that pgp.com's servers will also.
    • B-E-T-A. Obviously the final rollout will be more robust.
  • Centralization (Score:3, Interesting)

    by hey (83763) on Thursday December 09, 2004 @11:10AM (#11042652) Journal
    The nice thing about PGP/GPG is that it is decentralized! You don't need to obtain a "certificate" from any big-bad central authority.
    But now this move centralizes things - yuck.
    If you want to send PGP mail to/from a friend,
    just mail public keys to each other.
    • In fact, the point is to be "policy free" with regard to hierachy. There are already several keyservers.

      The idea of a public key is that anyone can contact you securely, and out of the blue! There is no need for unencrypted traffic. For there to be an exchange of keys requires that you make yourself visible and to some extent, identifiable.

      The "public" in "public key cryptography" is so-called because the idea is that keys are published, not merely privately exchanged.
    • by jimbro2k (800351)
      Good point, but this just provides a central option . You can still do a private(?) exchange of public keys with your friends & not friends, or do both..
  • Does anyone know of any OpenLDAP schema files that could be used to create a PGP keyserver using OpenLDAP? It'd be great to have an internal keyserver for our organizational PGP keys without having to use proprietary products.
  • by cesarbremer (701201) on Thursday December 09, 2004 @11:24AM (#11042808)
    A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send a encrypted message is realy the correct public key? I don't know better solution than having a lot of servers in different countries, under different governments controls and laws, and when the user do a search, he can do the search in a lot of servers. How about having servers in USA, China, France, Germany, China, Finland, North Corea......, and the user can search the user public key in all these databases? When storing the public keys, why not the user store his keys in these distributed servers? Can you really believe that storing your keys under one company control can bring security?
    • A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send a encrypted message is realy the correct public key?

      That's not how PGP works. Just because a key comes from a particular keyserver doesn't mean that it is the right one. A keyserver just provides a convenient place to stick keys. The web of trust (which is local to your
    • if the central repository is located in USA and the FBI want to do a man-in-the-middle attack?

      Not unless you're amazingly trusting of the repository. Read up on the "web of trust" and how to personally verify the keys you're using to send messages.

      For example, my pubkey has been signed by several friends, and I have signed their pubkeys in kind. If I get a signed email from Charlie (whom I don't know), but his pubkey has been signed by Bob (whom I do know) using his key that I myself signed, then there is a direct path of trust between Charlie and me. If I believe that Bob is an honest guy who wouldn't have signed Charlie's key without personally verifying his identity, then I have cause to that key.

      It's hard to explain the web of trust without making it sound more complicated than it really is. It's somewhat analogous to a friend introducing you to a person you've never met before. If your friend is very gullible, then you won't put much confidence in the ID of the person they're introducing. If your friend is, say, a loan officer who just spent the last month vetting the new person's identity, then you can be reasonably sure that they're giving you accurate information about that person.

      Which brings us back to your question. If you're corresponding with a new contact with no trust pathway to that person, then you have exactly zero reason to believe in their identity simply because they were able to download GnuGP and create a new key. However, if that new person's key was signed by Alice, whose key was signed by Charlie, whose key was signed by Bob, whose key was signed by you, then you have at least some reason to think they're who they say they are.

      There is no real concept of blindly trusting a new person in real life. GnuPG does not magically change this.

      • by Artifakt (700173) on Thursday December 09, 2004 @12:38PM (#11043641)
        Your explanation for the web of trust is cogent, well grounded in reality and still manages to capture the essentials of the process. Nicely done , Sir! One nitpick, however:

        In Alice and Bob explanations, the C party is usually Carol.

        Here's a wiki entry that discusses real life as it applies to cryptography. Its arguements parellel and support some of yours nicely, while also explaining Carol, Dave, and the others.

        http://en.wikipedia.org/wiki/Alice_and_Bob/ [wikipedia.org]

    • > if the central repository is located in USA and the
      > FBI want to do a man-in-the-middle attack?

      This kind of abuse would eventually be proven when the two endpoints of the communication demonstrated that they were given different public keys for each other. Then the FBI _and_ the key service would have some 'splainin to do, not to mention that the key service would be out of business.

      Same principle as Open Source code being secure: someone will eventually find out.
  • I've found that the pgp wotsap has been down recently. Is there any other site that will do the same thing, i.e. find a path from my key to a key I want to trust?
  • A Big Step... (Score:3, Insightful)

    by shaneh0 (624603) on Thursday December 09, 2004 @11:39AM (#11042976)
    Perceived Value is very closely tied to percieved scarcity. As people begin to *realize* that their privacy is as scarce as it actually is, people will begin to value their privacy ergo encryption.

    Feeding that will be dirt simple encryption applications that make it so EASY to encrypt and decrypt that you might as well do it. (Like, for example, the application I'm finishing right now but refuse to plug until it's released)

    The biggest problem now is that if a developer wants to include Public Key encryption abilities in has app he has to create an entire key management system and force users to gather the keys of all their contacts manually because there's just no other way. How many users are going to do that for a program that they only kinda think they need?

    If you want the answer to that question, look at the percentage of users who currently encrypt any large part of their communication (SSL excluded?)

  • by Mstrgeek (820200) on Thursday December 09, 2004 @12:11PM (#11043313)
    well done wrtie up on this topic

    http://www.itweek.co.uk/news/1118258

  • Its a great idea, however there is still a single point-of-failure. Maybe a P2P-style system would be advantageous for this service instead?
  • by molo (94384) on Thursday December 09, 2004 @01:09PM (#11043998) Journal
    Dropping keys from the keyring presents problems with the trust path. For example, A signs B's key. B signs C's key. A now has a trust path to C. If B is dropped from the keyring, no new users can authenticate that trust path. With the current scheme, if N signs A's key, N would now have a trust path to C. With the new scheme, the link to B and C is broken because he can't retrieve B's key.

    Having an email address expire is not a reason to no longer trust a key.

    -molo
  • I'd be very happy if Google implemented a gpg layer to their gmail accounts. This could be fairly transparently to the user, unless the encryption and decryption was done locally. But even if it wasn't, it would still add another layer of protection.

    Perhaps a pay version of gmail in the future will include SSL and use something like gpg in their messages.

  • by hey (83763) on Thursday December 09, 2004 @01:42PM (#11044417) Journal
    ... just use fake PGP [spammimic.com]

We don't know who it was that discovered water, but we're pretty sure that it wasn't a fish. -- Marshall McLuhan

Working...