[messaging] Thoughts on keyservers

Mike Hearn mike at plan99.net
Mon Aug 18 02:39:22 PDT 2014


>
> A different approach is to have Bob's service provider, as specified
> in his username, be his keyserver


One approach I've been wanting to prototype is exploiting DKIM.

That is, to get someone's public key you just ask them for a short hash via
email and then check the DKIM signature on the email you received using
e.g. a special client that speaks IMAP, or a browser extension. DNSSEC
would give you a chain of trust if implemented, but the email market is
concentrated enough that the DKIM keys of most major providers could simply
be hard-coded for now and then diverse DNS lookups executed via Tor to
convince yourself of the correct DKIM key for smaller providers.

Whilst this can be entirely decentralised if you're willing to send a
message like "Hey, can you send me your key?", with a bit more
centralisation you can have users register by just sending an email to a
key server registration address with your key attached, the key server
would verify the DKIM signature on the email and then connect the user's
public key with their address.

You'd probably want to do what miniLock does and talk about IDs instead of
keys though. Like having an instruction that says, "to register with your
email address, just put your easyTalk ID in the subject line of an email to
register at foo.net".
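
The registration check described above, as an added sketch that is not part of the original post: a passing DKIM signature is only useful if it was made by the sender's own domain and covers the From and Subject headers. The `register` function, the `verify_signature` hook (assumed to wrap a DKIM library's cryptographic check) and the sample message are hypothetical.

```python
import email
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def register(raw, registry, verify_signature):
    """Bind the ID in Subject to the From address; return the address or None.

    verify_signature(raw, index) -> bool is a hypothetical hook that checks the
    index-th DKIM-Signature cryptographically (a DKIM library sits behind it).
    """
    msg = email.message_from_bytes(raw)
    froms, subjects = msg.get_all("From", []), msg.get_all("Subject", [])
    if len(froms) != 1 or len(subjects) != 1:
        return None  # duplicated headers make "what was signed" ambiguous
    addr = parseaddr(froms[0])[1].lower()
    domain, user_id = addr.rpartition("@")[2], subjects[0].strip()
    if "@" not in addr or not domain or not user_id:
        return None
    for index, sig in enumerate(msg.get_all("DKIM-Signature", [])):
        tags = parse_tags(sig)
        signed = tags.get("h", "").lower().split(":")
        if tags.get("d", "").lower() != domain:
            continue  # signer must be the sender's provider (strict match chosen here)
        if "from" not in signed or "subject" not in signed:
            continue  # an unsigned Subject could be rewritten to carry another ID
        if "l" in tags:
            continue  # l= signs only part of the body; refuse partial coverage
        if verify_signature(raw, index):
            registry[addr] = user_id
            return addr
    return None

# Constructed sample message; bh= and b= are placeholders, not real signatures.
SAMPLE = (b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;\r\n"
          b"\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
          b"From: Bob <bob@example.org>\r\n"
          b"To: register@foo.net\r\n"
          b"Subject: CONSTRUCTED-ID-123\r\n"
          b"\r\nregistration\r\n")
```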