[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Servers



> I wonder if anyone would want to start a PGP key server dedicated only
> to *real* identities. Obviously, there is no such demand with the current ones.

This defeats the purpose for which the PGP Keyservers were created.
The Keyservers were created to give a *SINGLE* place where you could
go to request a PGP key for some name (and it doesn't matter whether
that name is real or not).

Having a keyserver "dedicated only to real identities" would violate
the basis for which the Keyservers were originally created.  Also,
quite recently, the keyserver administrators were discussing new
Keyserver sites, and we all agreed that ALL Keyserver sites would be
interconnected, to make sure that anyone could get any key from any
Keyserver site, no matter which server they use.

By proposing a split in the Keyserver service, you propose breaking
the initial assumption under which the keyservers were created:
Everyone has access to the whole public keyring from any server.

> And please don't start with the `that would be impossible' arguments. A
> key server that had the official policy `if you register here, on your
> honor your legal name is what you give, under penalty of public
> exposure if you are caught' would be enough for me.

Oh, I'm not saying that this is impossible.  It is possible.  It is,
however, unlikely that anyone will, and I personally will oppose any
such move to provide a service such as this.  It is not the job of the
Keyserver to decide whether a key blongs to a real person or not.  The
job of the Keyserver is to provide keys.  All keys.  Any keys.  No
matter who claims to own the key.

The job to decide if a key was a True Name as its owner is a matter
for signators.  Thats what Public Key Signatures are all about!  If
you create some kind of Notary Hierarchy to require two pieces of
picture identification, two major credit cards, and a note from your
mother, then you can guarantee that that is a True Name (assuming you
believe in that hierarchy).

However it is not the job of the Keyserver to provide any sort of
policy as to the keys it provides.  As I've said, the Keyserver is for
key distribution, not for any sort of key validation.  

Thanks,

-derek