sks-devel

Re: [Sks-devel] new keyserver online


From: Arnold
Subject: Re: [Sks-devel] new keyserver online
Date: Sun, 22 Aug 2010 14:04:18 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.22) Gecko/20090707 Thunderbird/2.0.0.22 Mnenhy/0.7.6.666

On 08/22/2010 03:54 AM, C.J. Adams-Collier KF7BMP wrote:
> On Sat, 2010-08-21 at 22:37 +0200, Christoph Anton Mitterer wrote:
>> On Mon, 2010-08-09 at 12:54 -0400, C.J. Adams-Collier wrote:
>>> Cool.  Could you sign something for me so's I have a relatively strong
>>> indication that you own the pub key I will associate with the server?
>> ...
>> What I did,... and what should be even a better proof that the key
>> belongs to the owner of the server is:
>>
>> I've added a file at:
>> http://scientia.net/adams-collier.keyinfo
>> which contains the fingerprint + my name.
>> ...
> No.  And I advise all others to avoid peering with you until you can
> prove that you own the private key that will be associated with the
> keyserver.

Why?

Keys and certificates identify persons, not ownership of a server. Whether
or not you trust the signers of the key or certificate is up to you.

For the server, all he can do is prove he has sufficient access rights
(which he offered and is also inherent to modifying the membership file). Or
you can contact the domain owner offline (using WHOIS information).

But then, why won't you peer with an anonymously operated server? In some
countries that might be necessary. After all, each public key a key server
provides should initially be regarded as 'untrusted'.

The only thing I'm interested in is if the server is operated by a
sufficiently skilled administrator. Something certificates won't tell.


> http://apps.leg.wa.gov/rcw/default.aspx?cite=19.34.210

This is a national law / ruling applicable to just one country. It is
useless in the rest of the world (ref. art. 3a, for example) and not
applicable to PGP-keys, as they do not depend on a certification
authority to be valid for the user.

Arnold


Attachment: signature.asc
Description: OpenPGP digital signature

