[Gpg4win-users-en] torproject pubkey (Re: gpg4win 3.1.16 with updated GnuPG 2.2.32: No public key found despite having refreshed the keys)

Bernhard Reiter bernhard at intevation.de
Thu Dec 23 10:44:44 CET 2021 

Hi Andrew,

Am Mittwoch 22 Dezember 2021 19:11:53 schrieb Andrew Gallagher:
> I have submitted a clean version of the torproject key (as taken from
> keys.openpgp.org) to the keyserver network, so it should be available
> (if not now, then shortly) from the other working keyservers.

thanks, very good!
(Getting the pubkey from torproject itself would have also been a good way.)

> The side 
> effect is that this has removed any genuine third-party sigs, but I
> think this is preferable to not serving the key at all.

I agree.

> > After the breakdown of the old SKS keyserver network, a new one is just
> > building up and does not yet have the old functionality.
> > (The main reason is that a new software has to be developed.)
>
> The only tested method for synchronising keyservers to protect against
> poison keys is to block those keys entirely. This is a blunt instrument
> but it ensures that the keyservers remain available to serve other keys.

Yes and this is good to have!

> More sophisticated protections are a work in progress, however it is not
> correct to say that modern synchronising keyservers lack functionality.

Currently they cannot serve third party signatures on those pubkeys or those 
pubkeys at all, which I believe is a lack of functionality.

> All that is missing is a shared DNS entry to replace
> pool.sks-keyservers.net, but this just means that you have to pick a
> specific keyserver (GnuPG upstream has chosen keyserver.ubuntu.com as
> the default).

This is also a certain lack of functionality.
(I had just meant to make a very brief statement, glossing over the details.
Maybe you can point me to the reasons you have mentioned elsewhere, why the 
pool DNS entry is problematic.)

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20211223/0b4a1dca/attachment.sig>

More information about the Gpg4win-users-en mailing list