On 03/23/2009 06:18 AM, Werner Koch wrote: > On Fri, 20 Mar 2009 20:42, d...@fifthhorseman.net said: > >> I'd prefer to be able to use an encrypted channel to these particular >> machines, which i have reason to believe will not betray that trust. > > Your goal is not encryption but anonymouse key retrieval. Using TOR is > an easier and better alternative.
Sorry, but i disagree. the quasi-anonymity provided by OpenPGP
certificate retrieval via cleartext HKP over tor does not:
* assure me that the host i'm connecting to is in fact the keyserver
which i trust to return reasonable information, or
* assure me that data has not been tampered with in transit between the
tor exit node and the keyserver, or
* hide my queries from an snoop on the same network segment as the
keyserver or anywhere between the tor exit node and the keyserver.
My particular collection of OpenPGP certificates (certs whose updates
would be fetched en masse during something like "gpg --refresh-keys")
probably represents a rare enough subset of the global keyspace to be
able to identify as me to a sufficiently motivated attacker.
While tor is certainly a good option to obscure where i'm connecting
*from* (something which hkps does not achieve), it does not meet the
same goals as a TLS-wrapped connection to a keyserver.
--dkg
signature.asc
Description: OpenPGP digital signature
