Talk:Key server (cryptographic)

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Mid‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Cryptography: Computer science Mid‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Mid This article has been rated as Mid-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Mid-importance).

Wouldn't this be an appropriate page to list some indices of popular keyservers? -- anon

Perhaps, although we want to avoid adding lots because Wikipedia discourages large directories of external links. One idea would be to link to a page which lists lots of key servers. — Matt Crypto 07:13, 11 Mar 2005 (UTC)

Matt, could you make this a redirect to Key server (cryptographic), I made a disambiguation and started expanding the article. But, I don't think I have access privileges to make a redirect. I'm not 100% sure I did the disambiguation correctly, so feel free to make what ever changes. Thanks. — V. Alex Brennen Fri Nov 4 10:21:57 EST 2005

PGP Corp. has created a centralized keyserver due to the difficulty of implementing the openpgp protocol. Many existing keyservers have difficulty handling subkey packets (damaging them), and ignore many other important types of packets altogether. Therefor, people are probably better to run with their default configurations for now rather than making use of listings. — V. Alex Brennen Thu Sep 29 12:41:09 EDT 2005

Righty, that's done. — Matt Crypto 19:04, 4 November 2005 (UTC)[reply]

This article really doesn't deal much with the role of the public key server in the web of trust. Some mention of the fact that many public key servers enable other users to update your public key with their trust certifications (signatures) would be useful, as this is one of the advantages of this over other distribution methods. It would also bear mentioning that many of these servers communicate information about key revocation.

Some mention of synchronization between various public key servers and its consequences would also be useful.

Barring negative reaction, I would happily make these changes.
Reskusic 19:20, 8 March 2007 (UTC)[reply]

I think this would be a wonderful addition. Key Revocation is one aspect that I think is really missing in the article. I think this is needed as this is how the "plaque" problem is supposed to be addressed. Old signatures (pre-revocation) would then still be treated as valid and the problem of bogus keys would be averted.

It might also serve to point out that relying solely on the newer PGP Open directory could lead to potential identity errors as revocations would fall off the server instead of pointing out unreliable signatures.

ZZ (talk) 16:35, 22 February 2008 (UTC)[reply]

This section is really confusing in my opinion. It looks like PGP is somehow less secure than the whole PKI? There's no difference between publishing certificates/keys which are public. This sounds like a typical security by obscurity, and it's sounds weird. Every security system can be broken and PGP is not an exception. If the attacker cannot obtain your public key, means nobody can means there's no way for the people in the Net to tell who you are, means PGP/PKI is useless - anonymous. —Preceding unsigned comment added by 193.41.16.26 (talk) 09:38, 25 September 2007 (UTC)[reply]

This section seems to say that "PGP Global Directory" (which I admit I have never heard of) solves the problem of not proving ownership of the keys (and indirectly that this is a problem). Is this a widely shared view? People who use PGP typically require a photo ID to prove ownership — that's significantly stronger than having control over an e-mail account for a few minutes. JöG (talk) 21:40, 9 December 2009 (UTC)[reply]

Update: PGP Corp also discusses this issue at https://keyserver.pgp.com/vkd/VKDVerificationPGPCom.html. Looks sane to me. JöG (talk) 21:45, 9 December 2009 (UTC)[reply]

The stale key problem can be solved by requiring an expiration date for a key and the auto-purge of expired keys (after a grace period). If someone wants to set their public key expiration date to be more than 10 years in the future (e.g. year 2038), that's their choice -- but it will eventually expire and be removed. 71.106.210.230 (talk) 23:29, 17 November 2010 (UTC)[reply]

I think an important point is that since the pgp global dir system is only using email verification anybody who has/gets access to the email account can delete a key and upload a new one (or might also have access to the private key if they've cracked a users account and have access to both e-mail and private key). This seems wildly insecure to me. I certainly won't trust any keys from pgp global dir, and I think this large security hole should be pointed out in this section. — Preceding unsigned comment added by 85.183.235.35 (talk • contribs) 22:54, 21 January 2012‎

Hello fellow Wikipedians,

I have just modified one external link on Key server (cryptographic). Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20081023070401/http://subkeys.pgp.net:11371/ to http://subkeys.pgp.net:11371/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 13:43, 9 December 2017 (UTC)[reply]

I'm having a hard time telling what the relationship is between the original thesis and the patent assigned to Network Associates. Are these for the same thing? (It seems like yes.) In that case, was one of them prior art that the other stole? Were they independent developments? Was Horowitz himself involved with Network Associates? What's the timing?

Thanks for any clarification. — Preceding unsigned comment added by Thousandlegs (talk • contribs) 16:18, 6 February 2024 (UTC)[reply]

@ 98.73.66.239 (talk) 03:43, 11 May 2023 (UTC)[reply]