Friday, 24 February 2012

Problems with keyservers

The OpenPGP keyservers developed in the 1990s suffered from a few problems. Once a public key has been uploaded, it is difficult to remove. Some users stop using their public keys for various reasons, such as when they forget their passphrase, or when their private key is compromised or lost. In those cases it was hard to delete a public key from the server, and even if it were deleted, someone else could upload a fresh copy of the same public key to the server. This leads to an accumulation of old fossil public keys that never go away, a form of "keyserver plaque". Another problem is that anyone can upload a bogus public key to the keyserver, bearing the name of a person who in fact does not own that key. The keyserver had no way to check whether the key was legitimate: the name on a key is only self-signed, so it proves that whoever made the key claimed that name, not that the claim is true.

To solve these problems, PGP Corp developed a new generation of key server, called the PGP Global Directory. This keyserver sends an email confirmation request to the putative key owner, asking that person to confirm that the key in question is theirs. If they confirm it, the PGP Global Directory accepts the key. The confirmation must be renewed periodically, so unrenewed keys lapse and keyserver plaque does not accumulate. The result is a higher-quality collection of public keys, each of which has been vetted by email with the key's apparent owner. However, it should be pointed out that because the PGP Global Directory allows key account maintenance and verifies only by email, not cryptographically, anybody with access to the email account could, for example, delete a key and upload a bogus one in its place.
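The following is an added example, not code from the original post or from PGP Corp, sketching the flow just described: a key is listed only after a token mailed to its address is presented back, listings lapse unless renewed, and removal goes through the same mailbox. The class and function names, the 180-day renewal interval and the fake clock are assumptions of this example. Because the server checks nothing but possession of the mailed token, anyone who can read the mailbox can replace or delete the listed key, which is exactly the caveat above.

```python
import secrets
import time
from dataclasses import dataclass

# Assumption of this example: a listing lapses unless the owner re-confirms it
# within this many seconds. The real PGP Global Directory interval is not given on the page.
RENEWAL_SECONDS = 180 * 24 * 3600


@dataclass
class Entry:
    fingerprint: str
    key_blob: str       # ASCII-armored key as submitted; never parsed here
    expires_at: float


class VerifiedDirectory:
    """Directory that lists a key only after a challenge mailed to its address
    has been answered, and drops listings that are not renewed in time."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested offline
        self.listed = {}            # email -> Entry
        self.pending = {}           # token -> (email, action, Entry or None)

    def _challenge(self, email, action, entry):
        token = secrets.token_urlsafe(24)
        self.pending[token] = (email, action, entry)
        return token                # a real server would send this by email

    def submit(self, email, fingerprint, key_blob):
        """Queue a key for listing; returns the token the server would mail."""
        entry = Entry(fingerprint, key_blob, self.clock() + RENEWAL_SECONDS)
        return self._challenge(email, "list", entry)

    def request_removal(self, email):
        """Queue a removal; it is confirmed through the same mailbox."""
        if email not in self.listed:
            raise KeyError(email)
        return self._challenge(email, "delete", None)

    def confirm(self, token):
        """Whoever presents the mailed token wins: nothing else is checked."""
        email, action, entry = self.pending.pop(token)
        if action == "list":
            self.listed[email] = entry      # silently replaces any earlier key
        else:
            self.listed.pop(email, None)
        return email

    def lookup(self, email):
        """Fingerprint listed for the address, or None if unlisted or lapsed."""
        entry = self.listed.get(email)
        if entry is None or entry.expires_at <= self.clock():
            return None
        return entry.fingerprint
```

Renewal is just another `submit`/`confirm` round for the same address; the replacement of the entry resets `expires_at`. The same mechanism is what lets a mailbox intruder swap in a key of their own.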

The latest IETF draft for HKP also defines a distributed key server network based on DNS SRV records: to find the key of someone@example.com, a client looks up the SRV record for example.com's HKP service and asks that key server.
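As an added example (not code from the original post or from the HKP draft), this is the client side of that lookup: derive the `_hkp._tcp.<domain>` owner name from the address, order the SRV answers by priority and weight in the usual RFC 2782 way, and build the `/pks/lookup` URL for each. The DNS query itself is not performed; the records are passed in as a list so the block runs offline. The default port 11371 is the conventional HKP port; falling back to the bare domain when no SRV record exists is this example's choice, and the function names are assumptions.

```python
import random
from urllib.parse import quote

HKP_DEFAULT_PORT = 11371   # conventional HKP port, used when no SRV record names one


def hkp_srv_name(email):
    """SRV owner name to query for the domain part of an email address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    return f"_hkp._tcp.{domain.lower()}"


def order_srv(records, rng=random):
    """Order (priority, weight, port, target) tuples as RFC 2782 prescribes:
    lowest priority first; within one priority, a weighted random draw."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            if total == 0:
                pick = group[0]                 # all weights zero: any order is fine
            else:
                draw = rng.randint(0, total - 1)
                acc = 0
                for r in group:
                    acc += r[1]
                    if acc > draw:
                        pick = r
                        break
            ordered.append(pick)
            group.remove(pick)
    return ordered


def lookup_urls(email, srv_records, rng=random):
    """HKP lookup URLs for `email`, in the order a client should try them.
    `srv_records` is the answer set for hkp_srv_name(email); an empty list
    means no record exists and the bare domain is tried on the default port."""
    domain = email.rpartition("@")[2].lower()
    if not srv_records:
        hosts = [(domain, HKP_DEFAULT_PORT)]
    else:
        hosts = [(target, port) for _, _, port, target in order_srv(srv_records, rng)]
    search = quote(email, safe="")
    return [f"http://{host}:{port}/pks/lookup?op=get&search={search}" for host, port in hosts]


if __name__ == "__main__":
    # Constructed SRV answer set, as if returned for _hkp._tcp.example.com.
    answers = [(10, 60, 11371, "keys1.example.com"),
               (10, 40, 11371, "keys2.example.com"),
               (20, 0, 80, "backup.example.com")]
    print(hkp_srv_name("someone@example.com"))
    for url in lookup_urls("someone@example.com", answers):
        print(url)
```

Note what this does and does not give you: the SRV answer tells the client where example.com says its keys live, and the key that comes back is still whatever was uploaded there. Neither step is authenticated unless the DNS answer is DNSSEC-signed and the key itself is checked by fingerprint or web of trust, so the bogus-key problem from the first section is not solved by the lookup alone.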
