[messaging] TOFU to ease PGP key discovery

Tankred Hase tankred at whiteout.io
Tue Feb 10 02:26:31 PST 2015

Hi Daniel,

> 1. Are you using the sks-keyserver server or did you roll your own HKP
> implementation. If you're using sks, can you elaborate on how you
> setup your internal infrastructure and API to the core sks-keyserver?
> If you rolled your own HKP, is there source code available? I'd love
> to find an alternative implementation for HKP that's not written in
> OCaml.

Our key server is written in node.js, uses MongoDB and runs on AWS
Elastic Beanstalk Infrastructure

Our server code is pretty specific to our service, so I don't know if
it would make sense to open source that. Right now we are open
sourcing only the client app.

> 2. You mentioned on HN that you gossip with other keyservers[1]. Since
> the gossip protocol is completely undocumented, do you know much about
> how it works? I've been trying to read the OCaml, but have been
> getting very lost. Hockeypuck[2] claims they can do this, but I don't
> think it's the same gossip protocol, right?

Our "gossiping protocol" is quite simple at the moment. We didn't
implement a standard. It just act as a proxy to five common SKS
servers. This is mainly because of the lack of CORS and reliability as
mentioned in the blog post.

If we don't find a verified public key in our directory, we proxy the
following GET request:


To these five servers and return the fastest response:


These were the most reliable servers in my tests. Especially the
ubuntu key server seems to be the fastest most of the time.

> 3. When gossiping, do you accept new keys from other sources that have
> a @whiteout.io domain? If I create a public key for "John Smith
> <john.smith at whiteout.io>" and upload it to pgp.mit.edu, will that be
> synced with your database?

We don't sync. We proxy requests for fetches and uploads.

> Third, FYI, there is CORS support for sks keyservers as of 1.1.5.
> Also, many keyservers are mirrored on port 443 and using root CA
> signed certs. I created an ajax publickey.js demo[3] using the
> https://keys.fedoraproject.org/ keyserver. You're right, though, that
> you can't just use hkps.pool.sks-keyservers.net, since the TLS
> certificate in that pool must be signed by the SKS CA (which isn't a
> root CA in pretty much every browser).

Good to know thanks!


> Thanks again!
> Daniel
> [1]: https://news.ycombinator.com/item?id=9013852
> [2]: https://hockeypuck.github.io/
> [3]: https://diafygi.github.io/publickeyjs/
> On Mon, Feb 9, 2015 at 12:58 AM, Tankred Hase <tankred at whiteout.io> wrote:
>> Hi,
>> we've added HKP key server support to Whiteout Wail and have written a
>> post about usability. Though I'd share it here:
>> https://blog.whiteout.io/2015/02/06/making-pgp-key-management-invisible-so-johnny-can-encrypt/
>> Thanks for any feedback!
>> Tankred
>> --
>> Whiteout Networks GmbH c/o Werk1
>> Grafinger Str. 6
>> D-81671 München
>> Geschäftsführer: Oliver Gajek
>> RG München HRB 204479
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging

Whiteout Networks GmbH c/o Werk1
Grafinger Str. 6
D-81671 München
Geschäftsführer: Oliver Gajek
RG München HRB 204479

More information about the Messaging mailing list