One theme in the keyserver discussion is seeking analogies with the Web PKI, or trying to adapt ideas from it (like CT). But the Web PKI evolved under performance constraints that are very different from "user key lookup", so we should be careful.
In particular, for latency and reliability reasons browsers don't want to perform extra lookups during an SSL handshake. So the browser has to verify the server's certificate without another source of information, which means the certificate has to be endorsed by an authority the browser already knows about. This dictates the centralized nature of the CA system and CT. But user key lookup is a rarer operation than visiting a web page, so can take more time. So it might be OK if Alice looks up Bob's key however she wants: central directory, Bob's provider, various key servers she trusts for different reasons, an aggregator, or some combination. There may still be reasons to prefer a centralized system, or to use it in conjunction with other options. But I think that needs to be justified on better grounds than "it worked for the web", and also taking consideration the risks of centralization Moxie's written about: http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/ Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
