On Wed, Jun 15, 2011 at 10:01:52AM +0100, Lars Wirzenius wrote: > On Tue, Jun 14, 2011 at 07:36:18PM -0400, Daniel Kahn Gillmor wrote: > > Of course, the fingerprint plus a URL would allow the recipient to > > verify that it got the correct key. > > That's what I meant. > > Having to rely on keyservers is a bit unfortunate, since they are a > centralized service, and therefore easily blockable. Further, having > to publish one's contacts via key signatures to everyone has some > privacy implications that may be unfortunate.
Not that centralized actually if you use the sks keyserver pool [1] which is a round robin of several keyservers keeping their keyring synchronized. > At some point it may be good to think about those, for FreedomBox > in particular, but it's not a problem that's urgent to solve for > now. I has this thoughts too, and was considering that maybe the freedombox might have the ability to run a keyserver on some of them. Like if some people wants to setup a sort of private community but still want to use gnupg as the underlying trust mechanism, they might decide that one of them should run such a keyserver and every people involved in the community would setup this keyserver as the default one for their identity related to this community. Being a private one, they would decide not to synchronize with the global keyservers pool. They might even synchronize privately several keyservers run by members. Should be easy as sks is shipped into Debian. :) [1] http://sks-keyservers.net/ bert. _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
