From 72227aa08cc4f3c8c861fc47fbc1ac0ffe8d3555 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser
- The keys.openpgp.org website is a public service for the
+ The keys.openpgp.org server is a public service for the
distribution and discovery of OpenPGP-compatible keys, commonly
referred to as a "keyserver".
About | Usage | Privacy Policy | API Docs
- As a user, keys.openpgp.org can be used as - a drop-in replacement for other keyservers, offering fast and reliable - response times. All typical workflows for key updates and discovery by - e-mail address are supported. Keys which are discoverable by e-mail must - be verified by their owner, and can also be deleted by them. See below - for details. + OpenPGP keys contain two types of information:
++ Traditionally, these pieces of information have always been distributed + together. On keys.openpgp.org, they are + treated differently: +
+ ++ The cryptographic metadata of keys can be freely up- and downloaded on + keys.openpgp.org. It consists of technical + information only, which can't be used to identify its owner. It is + important for OpenPGP software to keep this information up to date, in + order to maintain secure and reliable communication. +
+ ++ The identity information in an OpenPGP key is only distributed with + consent. It contains personal data, and is not strictly necessary for + a key to be used for encryption or signature verification. Once the + owner gives consent by verifying their e-mail address, the key can then + be found by others in a search by address. +
+ +This service is run as a community effort. You can talk to us in ##hagrid on Freenode IRC, also reachable as #hagrid:stratum0.org on @@ -37,104 +69,5 @@ a hosting provider focused on Internet Freedom projects, run by Greenhost.
- -The primary function of keys.openpgp.org is the - distribution of updates for OpenPGP public keys. OpenPGP - clients can retrieve updates for keys they already know, in - particular revocations and new subkeys. -
-While cryptographic key material is distributed with no - authentication, e-mail addresses are only distributed - with their owner's consent. See next point for - details.
-We make it a priority to keep the service fast and reliable.
-Users can choose to make a key discoverable for a specific e-mail - address. In order to protect the privacy of our users and - improve the usefulness of the service, some limitations apply: -
-Making a key discoverable for an e-mail address requires simple - validation, to prove ownership of the e-mail address. A key - published in this way can be deleted - by the owner at any time. -
-One of our top priorities is user privacy: -
See our Privacy Policy for more details on - how we store and distribute data.
-Unlike traditional keyservers, keys.openpgp.org does not - distribute key material that isn't cryptographically verified. - This protects keys from unwanted spam, and helps protect the - service itself against "denial of service" attacks. -
-We also do not distribute "third-party" signatures on keys. These - kinds of signatures were typically used to "sign" the keys of - others, in order to support a "Web of Trust" trust model. This - model meant that third parties could attach arbitrary spam to - any key, but didn't prove itself as a very effective trust model - in practice. -
-We are open to alternative approaches that might be implemented - in the future, that avoid this issue. -
-The federation model of the SKS pool led to various problems in - practice, which are incompatible with the goals stated above. -
-We plan to explore options for federation in the future, to allow - users to choose between different service operators again. -
-While keys.openpgp.org can be used to discover keys - for given e-mail addresses reliably, that does not mean - they are trustworthy in a cryptographic sense. -
-Basic validation of e-mail addresses is used to ensure keys are - searchable by e-mail address only with consent of its owner. We - do not sign keys, or perform any other kind of certification - service. -
-That said, we will do what we can to make sure this service is as - reliable and as trustworthy as possible. -
-
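Review bot: In the first hunk, the added paragraph on cryptographic metadata says it "consists of technical information only, which can't be used to identify its owner", which overstates the privacy property. A key's fingerprint and creation time are stable, unique values, so the same key can still be linked across contexts even when no identity information is distributed with it. Suggest softer wording, for example that this information does not by itself name its owner, so readers do not take freely downloadable key material to be anonymous.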
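Review bot: In the second hunk (@@ -37,104 +69,5 @@), the removed text carried the caveat that discovering a key by e-mail address "does not mean they are trustworthy in a cryptographic sense" and that "We do not sign keys, or perform any other kind of certification service", and nothing in the lines added by this patch replaces it. The new identity paragraph only says a verified key "can then be found by others in a search by address", which a reader can easily take as an endorsement of the key. Suggest keeping one sentence on the About page stating that e-mail verification is not certification, or linking to the page where that text now lives. The same applies to the removed statement that a published key "can be deleted by the owner at any time": the added text describes giving consent but not withdrawing it.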