= Key Discovery Comparison =

dkg:
* would like to have a chart with:
** different mechanisms for key discovery
** different problems/use-cases/advantages/concerns that might be relevant
* start with listing?

== Properties ==

* Passive versus active discovery: whether the lookup is initiated by the person who discovers the key. (Passive or Active)
* Talks to a third party: whether it is divulging the email address to a third party (No, Provider or Yes)
* Central authority: are there centralized authorities for queries? (No, Federated or Yes)
* Network protocols
* User invisibility: can you hide the lookup from the user? (Yes, No)
* User interaction: is user interaction required? <--- ignored for now
* Delay: how long is the delay?
* Ambiguity: whether it is possible to get more than one key upon lookup.
* Revocation discovery: can the sender see if a key has been revoked?
* Append-only: property of the mechanism
* Consistent global view
* Cacheability: can you get the same trust properties over a proxy?

== Mechanisms ==

* Key in email as attachment
* .well-known HTTPS lookup (standardized transformation to get lookup address) by email address
* DANE
* Keyserver lookup (SKS pool)
* Mailvelope Keyserver
* Symantec Global Directory
* Keybase
* Google's Key Transparency (CONIKS)

== Comparison chart ==

{{{
Properties\Mechanisms | key-in-email | well-known | DANE   | keyserver | mailvelope | symantec | keybase | CONIKS |
----------------------|--------------|------------|--------|-----------|------------|----------|---------|--------|
passive/active        | P            | A          | A      | A         | A          | A        | A       | A      |
talks to 3rd party    | No           | Provider   | Pr     | Y         | Y          | Y        | Y       | Pr     |
central authority     | No           | No         | No     | No        | Y          | Y        | Y       | N      |
network protocols     | SMTP         | HTTPS      | DNSSEC | hkp/hkps  | https/hkps | LDAP     | HTTPS   | HTTPS  |
user invisibility     | Y            | Y          | Y      | Y         | Y          | Y        | Y       | Y      |
user interaction      |              |            |        |           |            |          |         |        |
delay                 | 1 round trip | TCP        | UDP    | TCP       | TCP        | TCP      | TCP     | TCP    |
ambiguity             | N            | N          | N      | Y         | N          | N        | N       | N      |
revocation discovery  | ?????        | Y          | ?      | Y         | N          | Y        | ?       | ?      |
append-only           | Y            | Y/N        | N      | Y         | N          | N        | ?       | Y      |
consistent-globalview | N            | N          | N      | N         | N          | N        | N       | Y      |
cacheability          | N            | Y          | Y      | Y         | N          | Y        | ?       | Y      |
}}}