133 lines
5.7 KiB
Handlebars
133 lines
5.7 KiB
Handlebars
{{#> layout }}
|
|
<div class="about">
|
|
<center><h2><a href="/about">About</a> | News | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/privacy">Privacy Policy</a></h2></center>
|
|
|
|
<h3>
|
|
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
|
|
<a href="/about/news#2019-06-12-launch">Launching a new keyserver! 🚀</a>
|
|
</h3>
|
|
|
|
<p>
|
|
From a community effort by
|
|
<a href="https://enigmail.net" target="_blank">Enigmail</a>,
|
|
<a href="https://openkeychain.org" target="_blank">OpenKeychain</a>,
|
|
and <a href="https://sequoia-pgp.org">Sequoia PGP</a>,
|
|
we are pleased to announce
|
|
the launch of the new public OpenPGP keyserver
|
|
<span class="brand">keys.openpgp.org</span>!
|
|
Hurray! 🎉
|
|
|
|
<h4>Give me the short story!</h4>
|
|
|
|
<ul>
|
|
<li>Fast and reliable. No wait times, no downtimes, no inconsistencies.</li>
|
|
<li>Precise. Searches return only a single key, which allows for easy key discovery.</li>
|
|
<li>Validating. Identities are only published with consent,
|
|
while non-identity information is freely distributed.</li>
|
|
<li>Deletable. Users can delete personal information with a simple e-mail confirmation.</li>
|
|
<li>Built on Rust, powered by <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - free and open source, running AGPLv3.</li>
|
|
</ul>
|
|
|
|
Get started right now by <a href="/upload">uploading your key</a>!
|
|
|
|
<h4>Why a new keyserver?</h4>
|
|
|
|
<p>
|
|
We created <span class="brand">keys.openpgp.org</span>
|
|
to provide an alternative to the SKS Keyserver pool,
|
|
which is the default in many applications today.
|
|
This distributed network of keyservers has been struggling with
|
|
<a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">abuse</a>,
|
|
<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">performance</a>,
|
|
as well as <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">privacy issues</a>,
|
|
and more recently also
|
|
<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">GDPR</a>
|
|
compliance questions.
|
|
Kristian Fiskerstrand has done a stellar job maintaining the pool for
|
|
<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">more than ten years</a>,
|
|
but at this point development activity seems to have
|
|
<a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">mostly ceased</a>.
|
|
|
|
<p>
|
|
We thought it time to consider a fresh approach to solve these problems.
|
|
|
|
<h4>Identity and non-identity information</h4>
|
|
|
|
<p>
|
|
The <span class="brand">keys.openpgp.org</span> keyserver splits up
|
|
identity and non-identity information in keys.
|
|
You can find more details on our <a href="/about" target="_blank">about page</a>:
|
|
The gist is that non-identity information (keys, revocations, and so on)
|
|
is freely distributed,
|
|
while identity information
|
|
is only distributed with consent
|
|
that can also be revoked at any time.
|
|
|
|
<p>
|
|
If a new key is verified for some e-mail address,
|
|
it will replace the previous one.
|
|
This way,
|
|
every e-mail address is only associated with a single key at most.
|
|
It can also be removed from the listing
|
|
at any time by the owner of the address.
|
|
This is very useful for key discovery:
|
|
if a search by e-mail address returns a key,
|
|
it means this is the single key
|
|
that is currently valid for the searched e-mail address.
|
|
|
|
<h4>Support in Enigmail and OpenKeychain</h4>
|
|
|
|
<p>
|
|
The <span class="brand">keys.openpgp.org</span> keysever
|
|
will receive first-party support in upcoming releases of
|
|
<a href="https://enigmail.net" target="_blank">Enigmail</a> for Thunderbird,
|
|
as well as
|
|
<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&hl=en">OpenKeychain</a> on Android.
|
|
This means users of those implementations will
|
|
benefit from the faster response times,
|
|
and improved key discovery by e-mail address.
|
|
We hope that this will also give us some momentum
|
|
to build this project into a bigger community effort.
|
|
|
|
<h4>Current challenges</h4>
|
|
|
|
<p>
|
|
Privacy-preserving techniques in keyservers are still new,
|
|
and sadly there are still a few compatibility issues
|
|
caused by splitting out identity information.
|
|
|
|
<p>
|
|
In particular, when GnuPG (as of this writing, version 2.2.16) encounters
|
|
an OpenPGP key without identities,
|
|
it throws an error "no user ID"
|
|
and does not process new non-identity information
|
|
(like revocation certificates)
|
|
even if it is cryptographically valid.
|
|
We are actively engaged in
|
|
providing fixes for these issues.
|
|
|
|
<h4>The future</h4>
|
|
|
|
<p>
|
|
Privacy-preserving techniques in keyservers are still new,
|
|
and we have more ideas for reducing the metadata.
|
|
But for now, our plan is only to
|
|
keep <span class="brand">keys.openpgp.org</span> reliable and fast 🐇,
|
|
fix any upcoming bugs 🐞,
|
|
and <a href="/about#community">listen to feedback</a> from the community. 👂
|
|
|
|
<p>
|
|
For more info, head on over to
|
|
our <a target="_blank" href="/about">about page</a>
|
|
and <a target="_blank" href="/about/faq">FAQ</a> pages.
|
|
You can get started right away
|
|
by <a href="/upload" target="_blank">uploading your your key</a>!
|
|
Beyond that there is more cool stuff to discover,
|
|
like our <a target="_blank" href="/about/api">API</a>,
|
|
and an <a target="_blank" href="/about/faq#tor">Onion Service</a>!
|
|
|
|
<p>
|
|
Cheers! 🍻
|
|
|
|
{{/layout}}
|