From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Thu Oct 11 2001 - 11:47:07 CDT
In <20011010193612.F20770@main.templetons.com> Brad Templeton <brad@templetons.com> writes:
>On Wed, Oct 10, 2001 at 11:56:36AM +0000, Charles Lindsey wrote:
>>
>> What is actually needed is a distributed database containing useful keys,
>> certificates, revocations, etc. The present PGP key servers are NOT
>> particularly suitable for this, but I could imagine a database that was
>> maintained by the Usenet propagation mechanism, using certain moderated
>> groups, and maybe the Replaces or Named-Article facility.
>This is far more complex than just putting the certificates in the articles.
Not at all. Each site keeps a set of keys (the existing PGP Key Ring
format would actually do quite well, though a tailor made solution would
likely be better). Certain newsgroups (perhaps one per hierarchy) would
carry articles containing keys, which would be automatically downloaded
into the database as received. Naturally, these groups would be moderated,
or use Named-Articles, or both. There might also be web sites storing such
keys (though I would not recommend the present PGP key servers for the
purpose).
Now an article needs to be signed by only one key, because you can look up
in your database the whole history of why you should trust it.
>Why is putting the certificates in the articles so bothersome to you?
What your scheme carefully omits to mention is the matter of revocation.
There absolutely MUST be a worldwide database of revocations, cached
locally. If you are going to have that database anyway, then you may as
well keep ALL the keys in it.
-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
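The locally cached key database argued for in the message above, as an added example that is not part of the original post: it models per-site storage of certification records learned from key-carrying articles plus a cached revocation list, and resolves the "history of why you should trust" a signing key with every link of the chain checked against revocations. All key ids and the hierarchy trust anchor are constructed sample values; actual signature verification is out of scope.

```python
"""Model of a per-site key/revocation database for signed Usenet articles.

Added example, not code from the original message. Key ids, certification
records and the trust anchor below are constructed sample values.
"""
from dataclasses import dataclass, field


@dataclass
class KeyDB:
    # subject key id -> set of key ids that have certified it (its "history")
    certifiers: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)   # worldwide revocation list, cached locally
    anchors: set = field(default_factory=set)   # keys this site trusts a priori

    def add_cert(self, issuer: str, subject: str) -> None:
        """Record that `issuer` vouches for `subject` (e.g. from a key-carrying article)."""
        self.certifiers.setdefault(subject, set()).add(issuer)

    def trust_path(self, key_id: str, _seen=None):
        """Return the key ids from `key_id` back to a trust anchor, or None.

        Every key on the path is checked against the revocation list, so a revoked
        intermediate invalidates all keys certified only through it. An article
        therefore needs only its signer's key id; the rest is looked up here.
        """
        if key_id in self.revoked:
            return None
        if key_id in self.anchors:
            return [key_id]
        seen = _seen if _seen is not None else set()
        seen.add(key_id)
        for issuer in sorted(self.certifiers.get(key_id, ())):
            if issuer in seen:              # break certification cycles
                continue
            path = self.trust_path(issuer, seen)
            if path is not None:
                return [key_id] + path
        return None


def build_sample_db() -> KeyDB:
    """Constructed sample: one hierarchy root, one moderator key, three posters."""
    db = KeyDB(anchors={"HIER-ROOT"})
    db.add_cert("HIER-ROOT", "MOD-comp")
    db.add_cert("MOD-comp", "POSTER-A")
    db.add_cert("MOD-comp", "POSTER-B")
    db.add_cert("POSTER-B", "POSTER-C")     # C is certified only via B
    db.revoked.add("POSTER-B")              # constructed: revocation notice received
    return db
```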