Hey. Sorry to "complain"... but I don't quite get the rationale behind that hidden service thingy for our key servers - at least not as it's seemed to be deployed right now.
There's basically two sides of anonymity here... the clients and the servers. For the clients to be anonymous, we, as servers, shouldn't need to set up hidden services.. it should be enough for the clients to use to. On the server side, the only use case (which is actually a good use case), I see, would be that we could basically hide keyservers from powerful players, that may e.g. force a larger number of keyserver operators to delete, obstruct, etc. certain keys or parts of them, which may help them in their evil doings. But that would only work, if the hidden services remain unknown, i.e. for each of the current keyserver operators (aka "we") it's more or less useless to ever run a Tor-hidden keyserver,... our names are quite likely already recorded and such "powerful players" should have a very easy time to find and of our rented/owned machines, even if we'd e.g. drop the non-hidden service for say a year. If these servers run both, the non-hidden and the hidden keyserver, than the whole thing is, AFAICS, totally useless[0]. Or do I miss anything? In case I don't, the sks status page colours would be actually misleading IMHO: being "green" on the Tor column shouldn't be possible while being green at any of the other current columns, as this basically means... the server isn't actually hidden. So what we'd rather need is that many new operators we get, remain completely hidden from the beginning on, which is actually a quite difficult task: - email communication with this list and peers need to be hidden/anonymous - the actual SKS (recon and soon) with the remainder of the server needs to be hidden/anonymous - downloading any of the packages/source, via distros and so on, needs to be hidden/anonymous Even then, I wouldn't bet that Tor really anonymizes such SKS server. They way SKS works, with the mesh and everything and the more or less specific data pattern in terms when keys are recon'ed... may be just one of these things that powerful players may abuse to find out who someone is. And of course it shall be noted, that Torrifying parts of the SKS network doesn't make it more trustworthy. It still has the issues that has been discussed here and elsewhere several times... and which I think, can only somewhat solved, by the client side, if that would generally query/send to a big bunch of keyservers. hkps is IMHO only little help there, especially as it has the big problem of the strict hierarchical trust... but even if one would replace that it would still be necessary for clients to ideally contact a lot of clients for every query/submission. Cheers, Chris. [0] Perhaps with the exception that such actually visible server, which do however run a hidden Tor service as well, may be needed for the actually fully hidden ones to recon.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel