Key Discovery Comparison

dkg:

  • would like to have a chart with:
    • different mechanisms for key discovery
    • different problems/use-cases/advantages/concerns that might be relevant
  • start with listing?

Properties

  • Passive versus active discovery: whether the lookup is initiated by the person who discovers the key. (Passive or Active)
  • Talks to a third party: whether it is divulging the email address to a third party (No, Provider or Yes)
  • Central authority: are there centralized authorities for queries? (No, Federated or Yes)
  • Network protocols
  • User invisibility: can you hide the lookup from the user? (Yes, No)
  • User interaction: is user interaction required? <--- ignored for now
  • Delay: how long is the delay
  • Ambiguity: whether it is possible to get more than one key upon lookup.
  • Revocation discovery: can the sender see if a key has been revoked?
  • Append-only: property of the mechanism
  • Consistent global view
  • Cacheability: can you get the same trust properties over a proxy?

Mechanisms

  • Key in email as attachment
  • .well-known HTTPS lookup (standardized transformation to get lookup address) by email address
  • DANE
  • Keyserver lookup (SKS pool)
  • Mailvelope Keyserver
  • Symantec Global Directory
  • Keybase
  • Google's Key Transparency (CONIKS)
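
The "standardized transformation" behind the .well-known HTTPS lookup, worked through as an added example that is not part of the original notes. It assumes the transformation meant is the one in the Web Key Directory draft (draft-koch-openpgp-webkey-service), including that draft's `openpgpkey.` subdomain and `l=` parameter; the function names and the sample address are illustrative.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by the WKD draft (not the RFC 4648 base32 alphabet)
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_sha1(data: bytes) -> str:
    """SHA-1 the input and encode the 160-bit digest as 32 z-base-32 characters."""
    n = int.from_bytes(hashlib.sha1(data).digest(), "big")
    # 160 bits split evenly into 32 groups of 5 bits, most significant first
    return "".join(ZBASE32[(n >> shift) & 0x1F] for shift in range(155, -1, -5))


def wkd_urls(address: str) -> dict:
    """Derive the lookup URLs a client would request for an email address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    domain = domain.lower()
    # Only ASCII letters are case-folded before hashing; the original spelling
    # of the local part travels separately, in clear, in the l= parameter.
    folded = "".join(c.lower() if c.isascii() else c for c in local)
    hashed = zbase32_sha1(folded.encode("utf-8"))
    query = "?l=" + quote(local, safe="")
    # Both requests go only to hosts under the mail domain, which is why the
    # chart rates this mechanism "Provider" for third-party disclosure. The
    # hash is unsalted, so it hides nothing from a server that already knows
    # its own mailboxes; it only gives a fixed-length, URL-safe path element.
    return {
        "hashed_local_part": hashed,
        "advanced": "https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s%s"
                    % (domain, domain, hashed, query),
        "direct": "https://%s/.well-known/openpgpkey/hu/%s%s"
                  % (domain, hashed, query),
    }


if __name__ == "__main__":
    for name, value in wkd_urls("Joe.Doe@Example.ORG").items():
        print(name, value)
```

Because the URL depends only on the address, any HTTPS-capable cache or proxy in front of the provider can serve the same response, which matches the "Y" the chart gives this mechanism for cacheability.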

Comparison chart

Properties\Mechanisms | key-in-email | well-known |  DANE  | keyserver | mailvelope | Symantec | keybase | CONIKS |
----------------------|--------------|------------|--------|-----------|------------|----------|---------|--------|
passive/active        |      P       |      A     |   A    |     A     |      A     |    A     |    A    |   A    |
talks to 3rd party    |      No      |  Provider  |   Pr   |     Y     |      Y     |    Y     |    Y    |   Pr   |
central authority     |      No      |    No      |   No   |     No    |      Y     |    Y     |    Y    |   N    |
network protocols     |     SMTP     |   HTTPS    | DNSSEC | hkp/hkps  | https/hkps |   LDAP   |  HTTPS  | HTTPS  |
user invisibility     |      Y       |     Y      |   Y    |     Y     |      Y     |    Y     |    Y    |   Y    |
user interaction      |              |            |        |           |            |          |         |        |
delay                 | 1 round trip |    TCP     |  UDP   |    TCP    |     TCP    |   TCP    |   TCP   |  TCP   |
ambiguity             |      N       |     N      |   N    |     Y     |      N     |    N     |    N    |   N    |
revocation discovery  |    ?????     |     Y      |   ?    |     Y     |      N     |    Y     |    ?    |   ?    |
append-only           |      Y       |    Y/N     |   N    |     Y     |      N     |    N     |    ?    |   Y    |
consistent-globalview |      N       |     N      |   N    |     N     |      N     |    N     |    N    |   Y    |
cacheability          |      N       |     Y      |   Y    |     Y     |      N     |    Y     |    ?    |   Y    |