[messaging] User key lookup and the Web PKI analogy
mike at plan99.net
Wed Aug 20 08:16:18 PDT 2014
Bear in mind another reason the web uses standalone certs - even with 100%
fast reliable key servers, doing lookups out of band would leak private
browsing data to the CA's/keyservers. Data that they don't want to receive,
but could be forced to keep by data retention laws anyway. This problem
seems to also exist with email. When you can verify a key by just verifying
a bundled cert chain, this problem goes away.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging