[messaging] Thoughts on keyservers
mike at plan99.net
Mon Aug 18 07:55:54 PDT 2014
Risking off-topicness ...
> Considering the disaster that CAs have been <snip>
I know this is a very typical viewpoint, but I've become increasingly
skeptical of it in recent years. Given the enormous scale of the PKI there
have been remarkably few (detected) compromises. Despite many handwaved
claims that "of course" the CA system is pwned by governments, Snowden's
archive appears to have contained no discussion of compromising CA's
(perhaps because it's easier and more stealthy to hack the endpoints). To
claim the PKI is a disaster would imply that it's much worse than other
systems, even though we know for a fact that there are fake keys floating
around PGP key servers and the like.
The internet CA's have collectively verified the identity of millions of
disparate actors, probably only EMV / ICAO run larger PKIs. I would not
expect nor demand a zero percent failure rate for such a system: just a
rate that's good enough and a process for continuous improvement.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging