New PGP Keyserver checks mail addresses

The previous concept of the PGP key servers has reached its limits, the existing keyservers are becoming increasingly unreliable. Now there is a new keyserver with a different concept. Personal data will be distributed only after checking the e-mail address.

12 New PGP Keyserver checks mail addresses New PGP Keyserver checks mail addresses

Under future a PGP key server running with the writing in Rust software Hagrid. Operate is the new key servershared by the developers of Enigmail, Openkeychain and Sequoia. Unlike previous PGP keyservers, this data is not distributed unchecked. The new keyserver checks keys and distributes personal data only after checking the mail address.

The key servers have been an important part of the PGP ecosystem in the past. The key servers previously used with the SKS software worked in such a way that PGP keys could be uploaded at will and exchanged between the different servers.

Delete data was not provided

Delete key was not provided, you could only provide them with a so-called revocation signature and mark as invalid. The content was not checked, anyone can upload keys. As a result, you could attach any additional data such as subkeys, signatures, or new identities to a key.

Among other things, this means that it is relatively easy to make an existing key unusable – which has been more common in recent times. For this one can hang for example numerous meaningless additional user identifications to a key.

Relatively fast, this means that the server can no longer export these keys and at the same time generates a high CPU load. Such “poisoned key” attacks have recently left many of the classic PGP keyservers unreachable.

In addition to these attacks, there is a legal problem with the operation of the keyserver. Because the EU data protection law provides that users can demand the deletion of personal data.

Personal data only after mail address check

The new key server, which has now been started, checks cryptographically whether new data belongs to a key. More importantly, keys can still be uploaded by anyone, but the name and email address of a key are not distributed automatically. They will only be accepted if the owner confirms the email address. You can also delete keys after a confirmation email.

For example, it can distribute revocation information about stale keys without uploading the identities contained in the key. In addition, there is a certain hurdle to placing wrong keys for the mail addresses of others on the key server, even if this does not provide absolute security.

It is not intended that users distribute signatures on the keys of other users. In the past, this has been used in the PGP community to indirectly verify the authenticity of keys through the so-called Web of Trust. But there are many doubts about the usefulness of the Web of Trust.