Somebody, probably Florian, wrote:
> I couldn't find a PGP key server operator that committed itself to
> keeping logs confidential and deleting them in a timely manner (but I
> didn't look very hard, either).

Keyservers are a peripheral issue in PGP -
important for convenience and for quick distribution of revocation lists,
but they're very strongly just a tool for convenience.

Security through Inconvenience is one flipside of Security through Obscurity, I suppose...

If you've got a threat model that includes traffic analysis,
then either you and your unindicted co-conspirators
need to find other ways to exchange keys,
like printing them on business cards,
or find a keyserver that lets you suck down all the keys
so it's not obvious which key you're looking for,
or start using Tor to access the keyservers.

Or you could try using the Google Keyserver -
  just because there isn't one
doesn't mean you can't type in "9E94 4513 3983 5F70"
or 9383DE06   or   [EMAIL PROTECTED] "PGP Key"
and see what's in Google's cache.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to