[messaging] User key lookup and the Web PKI analogy

Trevor Perrin trevp at trevp.net
Tue Aug 19 03:27:09 PDT 2014


One theme in the keyserver discussion is seeking analogies with the
Web PKI, or trying to adapt ideas from it (like CT).  But the Web PKI
evolved under performance constraints that are very different from
"user key lookup", so we should be careful.

In particular, for latency and reliability reasons browsers don't want
to perform extra lookups during an SSL handshake.  So the browser has
to verify the server's certificate without another source of
information, which means the certificate has to be endorsed by an
authority the browser already knows about.  This dictates the
centralized nature of the CA system and CT.

But user key lookup is a rarer operation than visiting a web page, so
can take more time.  So it might be OK if Alice looks up Bob's key
however she wants: central directory, Bob's provider, various key
servers she trusts for different reasons, an aggregator, or some
combination.

There may still be reasons to prefer a centralized system, or to use
it in conjunction with other options.  But I think that needs to be
justified on better grounds than "it worked for the web", and also
taking consideration the risks of centralization Moxie's written
about:

http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/


Trevor


More information about the Messaging mailing list