Re: [Sks-devel] new keyserver online

[David Shaw]

On Aug 22, 2010, at 9:27 AM, Robert J. Hansen wrote:

> While I concur with you, Christoph, there's one minor error that should
> probably be corrected:
> 
>> No keyserver is a CA...
> 
> Most keyservers are CAs, in that the people who run the keyservers have
> signed other people's keys.

Robert, are you really saying what you seem to be saying?  The action of the 
owners doesn't make a keyserver a CA.  That makes the person running the 
keyserver a CA.  If I signed a bunch of keys and put them up on my web server, 
it wouldn't make my web server a CA.  Similarly, if I signed someone's key and 
gave it to him on a USB stick, it wouldn't make the USB stick a CA.

Most keyservers are a database plus a web server plus a key distribution 
protocol.  It's a storage place for keys.  The CA is the person/entity issuing 
signatures.  The method they use to distribute these signatures (be it 
keyserver, sneakernet, or morse code) does not change that.

The PGP "Global Directory" keyserver, by comparison, is a CA.  It issues the 
signatures, and isn't just storage.

David