From 75240e0a9e8831c652dc88fd9ab3b37839dade2e Mon Sep 17 00:00:00 2001 From: Fabrizio T Date: Sun, 10 Nov 2024 15:30:07 +0100 Subject: [PATCH] ultime 2 slide sui keyserver --- src/slides.md | 172 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 170 insertions(+), 2 deletions(-) diff --git a/src/slides.md b/src/slides.md index d547a65..17e21a3 100644 --- a/src/slides.md +++ b/src/slides.md @@ -360,11 +360,179 @@ Risultato: giugno 2021 [**sks-keyservers.net shutdown**](https://lists.nongnu.or nslookup __${hex(sha256("alice"))}__._openpgpkey.__openpgp.example__. - LDAP, Keybase, Autocrypt, ... +--- + +# Keystore a confronto + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PropertyGeneral Purpose KeyserversDomain-restricted KeyserversNon-Keyserver Keystores
HockeypuckHagridOnakMailvelopeProtonWKDLDAPKeybase
DecentralisationYes1NoYes2NoNoYes3NoNo
GeneralityYesYesYesNoNoNoNoYes
UID verificationNoYesNoYesYesYesYesNo
Non-email UIDsYesNoYesNoNoNoYesYes
UID searchYesYesYesYesYesYesYesYes(?)
Fingerprint searchYesYesYesYesYesNoYesNo
CertificationsYesLimitedYesYesYesYesYesYes
Self-sovereigntyIn progressLimitedNoYes(?)YesYesYesYes
Key deletionYesYesYes(?)YesYesYesYesYes
HKP APIYesYesYesLimitedLimitedNoNoNo
+ +_1By syncronization 2By forwarding 3By delegation_ + +Fonte: Andrew Gallagher, [_The State of the Keyservers in 2024_](https://blog.pgpkeys.eu/state-keyservers-2024.html) (gennaio 2024) --- -# TODO + +# Keystore a confronto + +| | autocrypt | attachment | embedded certificate subpacket | URL header | HKP over email | HKPS | WKD | DANE | Tor OHTTP+HKP | +| ------------------------------ | --------- | ----------- | ------------------------------ | ---------- | ---------------- | ----------- | ----------- | ------------- | ------------- | +| transport method | inband | inband | inband | inband | inband | out of band | out of band | out of band | out of band | +| no leakage | ✓ | ✓ | ✓ | | | | | | ✓ | +| constrained network | ✓ | ✓ | ✓ | | ✓ | | | | | +| no SPOF | ✓ | ✓ | ✓ | | ✓ | ? | ✓ | ✓ | ? | +| zero roundtrip | ? | | | | ✓ | ✓ | ✓ | ✓ | ✓ | +| independent of domain operator | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | | ✓ | +| freshness | | | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| freshness for opt out | ? | | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| easy delegation | | | | | | | ? | ✓ | | +| integrity in transit | | ✓ (if DKIM) | ✓ (if DKIM) | | ✓ (if DKIM) | ✓ | ✓ | ✓ (if DNSSEC) | ✓ | +| minimal work for user | ✓ | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + +Fonte: [_Minutes of the 8th OpenPGP Email Summit_](https://www.openpgp.org/community/email-summit/2024/minutes/) (giugno 2024) -todo ---