[messaging] TOFU to ease PGP key discovery

Daniel Roesler diafygi at gmail.com
Mon Feb 9 09:50:01 PST 2015


Howdy Tankred,

First, I think this is great! Thanks so much for doing this!

Second, a few technical questions:

1. Are you using the sks-keyserver server or did you roll your own HKP
implementation. If you're using sks, can you elaborate on how you
setup your internal infrastructure and API to the core sks-keyserver?
If you rolled your own HKP, is there source code available? I'd love
to find an alternative implementation for HKP that's not written in
OCaml.

2. You mentioned on HN that you gossip with other keyservers[1]. Since
the gossip protocol is completely undocumented, do you know much about
how it works? I've been trying to read the OCaml, but have been
getting very lost. Hockeypuck[2] claims they can do this, but I don't
think it's the same gossip protocol, right?

3. When gossiping, do you accept new keys from other sources that have
a @whiteout.io domain? If I create a public key for "John Smith
<john.smith at whiteout.io>" and upload it to pgp.mit.edu, will that be
synced with your database?

Third, FYI, there is CORS support for sks keyservers as of 1.1.5.
Also, many keyservers are mirrored on port 443 and using root CA
signed certs. I created an ajax publickey.js demo[3] using the
https://keys.fedoraproject.org/ keyserver. You're right, though, that
you can't just use hkps.pool.sks-keyservers.net, since the TLS
certificate in that pool must be signed by the SKS CA (which isn't a
root CA in pretty much every browser).

Thanks again!
Daniel

[1]: https://news.ycombinator.com/item?id=9013852
[2]: https://hockeypuck.github.io/
[3]: https://diafygi.github.io/publickeyjs/

On Mon, Feb 9, 2015 at 12:58 AM, Tankred Hase <tankred at whiteout.io> wrote:
> Hi,
>
> we've added HKP key server support to Whiteout Wail and have written a
> post about usability. Though I'd share it here:
>
> https://blog.whiteout.io/2015/02/06/making-pgp-key-management-invisible-so-johnny-can-encrypt/
>
> Thanks for any feedback!
>
> Tankred
>
> --
> Whiteout Networks GmbH c/o Werk1
> Grafinger Str. 6
> D-81671 München
> Geschäftsführer: Oliver Gajek
> RG München HRB 204479
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging


More information about the Messaging mailing list