keys.openpgp.org

About | News | Usage | FAQ | Stats | Privacy

Is this server part of the "SKS" pool?

No. The federation model of the SKS pool has various problems in terms of reliability, abuse-resistance, privacy, and usability. We might do something similar to it, but keys.openpgp.org will never be part of the SKS pool itself.

Is keys.openpgp.org federated? Can I help by running an instance?

For the moment, no. We do plan to decentralize keys.openpgp.org at some point. With multiple servers run by independent operators, we can hopefully improve the reliability of this service even further.

Several folks offered to help out by "running a Hagrid server instance". We very much appreciate the offer, but we will probably never have an "open" federation model like SKS, where everyone can run an instance and become part of a "pool". This is for two reasons:

  1. Federation with open participation requires all data to be public. This significantly impacts the privacy of our users, because it allows anyone to scrape a list of all e-mail addresses.
  2. Servers run as a hobby by casual administrators do not meet our standards for reliability and performance.

Why is there no support for identities that aren't e-mail addresses?

We require explicit consent to distribute identity information. Identities that aren't e-mail addresses, such as pictures or website URLs, offer no simple way for us to acquire this consent.

Note: Some OpenPGP software creates keys with incorrectly formatted e-mail addresses. These addresses might not be recognized correctly on keys.openpgp.org.

Can I verify more than one key for some e-mail address?

An e-mail address can only be associated with a single key. When an address is verified for a new key, it will no longer appear in any key for which it was previously verified. Non-identity information will still be distributed for all keys.

This means a search by e-mail address will only return a single key, not multiple candidates. This eliminates an impossible choice for the user ("Which key is the right one?"), and makes key discovery by e-mail much more convenient.

What do you do to protect outgoing verification e-mails?

We use a modern standard called MTA-STS, combined with STARTTLS Everywhere by the EFF, to make sure verification e-mails are sent out securely. This protects against eavesdropping and interception during delivery.

The MTA-STS mechanism depends on correctly configured e-mail servers. You can run this test to see if your e-mail provider supports it. If the "MTA-STS" entry on the left isn't a green checkmark, please ask your provider to update their configuration.

Do you distribute "third party signatures"?

Short answer: No.

A "third party signature" is a signature on a key that was made by some other key. Most commonly, those are the signatures produced when "signing someone's key", which are the basis for the "Web of Trust". For a number of reasons, those signatures are not currently distributed via keys.openpgp.org.

The killer reason is spam. Third party signatures allow attaching arbitrary data to anyone's key, and nothing stops a malicious user from attaching so many megabytes of bloat to a key that it becomes practically unusable. Even worse, they could attach offensive or illegal content.

There are ideas to resolve this issue. For example, signatures could be distributed with the signer, rather than the signee. Alternatively, we could require cross-signing by the signee before distribution to support a caff-style workflow. If there is enough interest, we are open to working with other OpenPGP projects on a solution.

Why not sign keys after verification?

The keys.openpgp.org service is meant for key distribution and discovery, not as a de-facto CA. Client implementations that want to offer verified communication should rely on their own trust model.

Why are revoked identities not distributed as such?

When an OpenPGP key marks one of its identities as revoked, this identity should no longer be considered valid for the key. And this information should ideally be distributed to all OpenPGP clients that already know about the newly revoked identity.

Unfortunately, there is currently no good way to distribute revocations, that doesn't also reveal the revoked identity itself. We don't want to distribute revoked identities, so we can't distribute the identity at all.

There are proposed solutions to this issue, that allow the distribution of revocations without also revealing the identity itself. But so far there is no final specification, or support in any OpenPGP software. We hope that a solution will be established in the near future, and will add support on keys.openpgp.org as soon as we can.

Do you support Tor?

Of course! If you have Tor installed, you can reach keys.openpgp.org anonymously as an onion service:
zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion

Why not encrypt verification e-mails?

Various reasons:
  1. It is more complicated, both for our users and for us.
  2. It doesn't prevent attacks - an attacker gains nothing from uploading a key they don't have access to.
  3. Deletion would still have to be possible even when a key is lost.
  4. It would require a different (and more complicated) mechanism to upload keys that can only sign.

I have trouble updating some keys with GnuPG. Is there a bug?

This is a problem with current versions of GnuPG. If you attempt to update a key from keys.openpgp.org that contains no identity information, GnuPG will refuse to process the key:

$ gpg --receive-keys A2604867523C7ED8
gpg: key A2604867523C7ED8: no user ID

We are working with the GnuPG team to resolve this problem.

Hagrid v0.1.0 built from 2440d37

Powered by Sequoia-PGP

Background image retrieved from Subtle Patterns under CC BY-SA 3.0