[messaging] User key lookup and the Web PKI analogy

Mike Hearn mike at plan99.net
Wed Aug 20 08:16:18 PDT 2014


Bear in mind another reason the web uses standalone certs - even with 100%
fast reliable key servers, doing lookups out of band would leak private
browsing data to the CAs/keyservers. Data that they don't want to receive,
but could be forced to keep by data retention laws anyway. This problem
seems to also exist with email. When you can verify a key by just verifying
a bundled cert chain, this problem goes away.