Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Key server (cryptographic)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Leakage of personal relationships === For many individuals, the purpose of using cryptography is to obtain a higher level of [[privacy]] in personal interactions and relationships. It has been pointed out that allowing a public key to be uploaded in a key server when using decentralized web of trust based cryptographic systems, like PGP, may reveal a good deal of information that an individual may wish to have kept private. Since PGP relies on signatures on an individual's public key to determine the authenticity of that key, potential relationships can be revealed by analyzing the signers of a given key. In this way, models of entire social networks can be developed. (Mike Perry's 2013 criticism of the Web of Trust mentions the issue as already been "discussed at length".)<ref>{{cite web |last1=Perry |first1=Mike |title=[tor-talk] Why the Web of Trust Sucks |url=https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html |date=Sep 29, 2013}}</ref> A number of modern key servers remove third-party signatures from the uploaded key. Doing so removes all personal connections into the Web of Trust, thus preventing any leakage from happening. The main goal, however, was to minimize the storage space required, as "signature spamming" can easily add megabytes to a key.<ref>{{cite web |title=keys.openpgp.org FAQ |url=https://keys.openpgp.org/about/faq |website=keys.openpgp.org}}</ref><ref name="Gillmor">{{cite web |last1=Gillmor |first1=Daniel Kahn |title=Abuse-Resistant OpenPGP Keystores [draft-dkg-openpgp-abuse-resistant-keystore-06] |url=https://www.ietf.org/archive/id/draft-dkg-openpgp-abuse-resistant-keystore-06.html |publisher=Internet Engineering Task Force |date=18 August 2023}}</ref>{{rp|at=§2.1}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)