slide 17-18 (keyserver)
This commit is contained in:
parent
a356662a39
commit
a7e08863cd
1 changed files with 41 additions and 2 deletions
|
|
@ -320,6 +320,47 @@ E ancora: Forward secrecy, Context binding, Web of Trust, Key Verification, ...
|
|||
- Proposta "Replacement Key": avere due chiavi, una v4 e una v6, reciprocamente firmate; un meccanismo semiautomatico gestisce retrieve e fallback
|
||||
|
||||
|
||||
---
|
||||
<style scoped>
|
||||
ul {margin-top:15px; margin-bottom:0px; font-size:35px}
|
||||
ul ul ul {font-size: 33px; list-style-type: circle; padding-left: 40px}
|
||||
p {margin-top: 20px}
|
||||
</style>
|
||||
# Key distribution/discovery: problemi
|
||||
|
||||
Voglio scrivere a alice@openpgp.example, dove trovo la chiave pubblica?
|
||||
|
||||
- Keyserver tradizionali (PKS, SKS)
|
||||
- Problemi legali: GDPR
|
||||
- Problemi tecnici: _Certificate flooding_ e altri abusi
|
||||
- _Trolling the Web of Trust_ - [Micah Lee OHM2013](https://github.com/micahflee/trollwot)
|
||||
- _The SKS keyserver network is dying_ - [dkg 2019](https://lists.riseup.net/www/arc/monkeysphere/2019-04/msg00004.html)
|
||||
- _Community Impact of OpenPGP Certificate Flooding_ - [dkg 2019](https://dkg.fifthhorseman.net/blog/community-impact-openpgp-cert-flooding.html)
|
||||
|
||||
Risultato: giugno 2021 [**sks-keyservers.net shutdown**](https://lists.nongnu.org/archive/html/sks-devel/2021-06/msg00001.html)
|
||||
|
||||
---
|
||||
<style scoped>
|
||||
ul {font-size: 35px; margin-top:40px}
|
||||
li ul {font-size: 33px;margin-top:0}
|
||||
li ul li {margin-top:15px}
|
||||
strong {background-color: #8b00f0;font-style: normal; font-weight: bold}
|
||||
small {font-size:21px; display:block; margin: 10px 0 0 20px}
|
||||
</style>
|
||||
# Key distribution/discovery: proposte
|
||||
|
||||
- [_Abuse Resistant Keystores_](https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/)
|
||||
- _Verifying Keyservers (VKS)_
|
||||
- [_First-Party Approved Third-Party Certifications_](https://datatracker.ietf.org/doc/draft-dkg-openpgp-1pa3pc/)
|
||||
- [_Timestamp aware merge strategy_](https://github.com/hockeypuck/hockeypuck/wiki/HIP-3:-Timestamp-aware-merge-strategy)
|
||||
|
||||
- [Web Key Directory](https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service) Draft 2016 - Work In Progress
|
||||
<small>h<span/>ttps://openpgpkey.__openpgp.example__/.well-known/openpgpkey/__openpgp.example__/hu/__${zbase32(sha1("alice"))}__?l=__alice__</small>
|
||||
- DNS (DANE) [RFC 7929](https://datatracker.ietf.org/doc/html/rfc7929) (2016)
|
||||
<small>nslookup __${hex(sha256("alice"))}__._openpgpkey.__openpgp.example__.</small>
|
||||
- LDAP, Keybase, Autocrypt, ...
|
||||
|
||||
|
||||
---
|
||||
# TODO
|
||||
|
||||
|
|
@ -361,8 +402,6 @@ https://blog.pgpkeys.eu/state-keyservers-2024.html
|
|||
- OpenPGP for application developers
|
||||
https://openpgp.dev/book/
|
||||
|
||||
|
||||
|
||||
---
|
||||
<!-- _class: bigtitle -->
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue