[messaging] Thoughts on keyservers
bruce at subgraph.com
Mon Aug 18 08:34:38 PDT 2014

On Mon, Aug 18, 2014 at 10:32 AM, Nadim Kobeissi <nadim at nadim.computer> wrote:
> Considering the disaster that CAs have been and how desperately we've been attempting to escape them (Trevor's work on Tack being one of the best examples), why would you want to replace Web of Trust, which is effectively decentralized, for a model that centralizes authority in a way that makes it ripe for compromise by a few actors?

Web of trust is considered problematic for a number of different
reasons including being heavily implicated in Johnny's failure to
encrypt. It's well recognized that web of trust needs to be replaced
by something more scalable and usable and I do agree that a single
central authority would be inappropriate for certification of email
keys which is why in Nyms the trust is distributed among several

> One thing that Nyms does better than the CA system seems to be asking for m-of-n certifications. But I'm having trouble seeing how Nyms would establish its certificate authorities without a top-down hierarchical process. Who decides who gets to be an authority? Who decides which authorities are telling the truth? Can I just game the system by having the most authorities on my side? Why is this secure?

This is a reasonable question to ask. I imagine that the trusted
authorities will be operated by organizations with a reputation for
defending privacy such as the EFF or Freedom of the Press Foundation.
However, it doesn't really matter who is running the authorities or if
you can trust all of them, they only need to be independent. Even if
authorities collude to publish malicious keys, this dishonesty will be
detected by users (and by their communication partners) because keys
are periodically and automatically re-requested from the keyserver
network. If keys change unexpectedly, alarms will go off and the
incident can be investigated and bad authorities expelled from the
network. Even though I haven't mentioned it in the design, I'm not
opposed to considering a certificate transparency style approach as
well if it can be applied in a way which does not deliver a list of
email addresses to spammers.
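
The detection argument in the message above, sketched as an added example (not part of the original email and not Nyms code): a client polls several independent authorities, requires m matching answers, and raises an alarm when the quorum key differs from the key it accepted earlier. The `KeyMonitor` class, authority names and fingerprints are hypothetical, and m is assumed to be a majority of n.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class KeyMonitor:
    threshold: int                            # m: matching answers required
    pins: dict = field(default_factory=dict)  # address -> last accepted fingerprint

    def check(self, address, answers):
        """answers: {authority: fingerprint or None} from one polling round.
        Returns (status, quorum_fingerprint, authorities_to_look_at)."""
        counts = Counter(fp for fp in answers.values() if fp is not None)
        top, votes = counts.most_common(1)[0] if counts else (None, 0)
        if votes < self.threshold:
            return ("no_quorum", None, sorted(answers))
        # Authorities that disagree with the quorum are worth investigating
        # even when the quorum key is the expected one.
        dissent = sorted(a for a, fp in answers.items() if fp != top)
        pinned = self.pins.get(address)
        if pinned is None:
            self.pins[address] = top          # first contact: pin the quorum key
            return ("first_seen", top, dissent)
        if top != pinned:
            # Keep the old pin. A quorum now vouches for a different key:
            # either a real key rotation or colluding authorities.
            suspects = sorted(a for a, fp in answers.items() if fp == top)
            return ("ALARM_key_changed", top, suspects)
        return ("ok", top, dissent)


def run_demo():
    """Constructed polling rounds for one address against three authorities."""
    mon = KeyMonitor(threshold=2)
    rounds = [
        {"auth-a": "FPR-ALICE-1", "auth-b": "FPR-ALICE-1", "auth-c": "FPR-ALICE-1"},
        {"auth-a": "FPR-ALICE-1", "auth-b": "FPR-ALICE-1", "auth-c": "FPR-OTHER"},
        {"auth-a": "FPR-OTHER", "auth-b": "FPR-ALICE-1", "auth-c": "FPR-OTHER"},
        {"auth-a": "FPR-ALICE-1", "auth-b": "FPR-OTHER", "auth-c": None},
    ]
    return [mon.check("alice@example.org", r) for r in rounds]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

In the third round two of three authorities agree on a new key, so m-of-n alone would accept it; the pinned key from earlier rounds is what turns the change into an alarm.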