OpenPGPEmailSummit201607 / KeyDiscoveryComparison
Revision 1 as of 2016-07-10 13:14:35

Key Discovery Comparison

dkg:

  • would like to have a chart with:
    • different mechanisms for key discovery
    • different problems/use-cases/advantages/concerns that might be relevant
  • start with listing?

Properties

  • Passive versus active discovery: whether the key arrives without a query (passive, e.g. a key attached to a mail) or the person who wants the key has to initiate a lookup (active). (Passive or Active)
  • Talks to a third party: whether the lookup divulges the email address being looked up to someone other than sender and recipient. (No, Provider (only the recipient's own provider learns about it) or Yes (an unrelated third party learns about it))
  • Central authority: whether queries depend on a centralized authority. (No, Federated or Yes)
  • Network protocols: which protocol the lookup uses.
  • User invisibility: can the lookup be hidden from the user? (Yes, No)
  • User interaction: is user interaction required? <--- ignored for now
  • Delay: how long it takes until the key is available to the sender.
  • Ambiguity: whether a lookup can return more than one key for one address.
  • Revocation discovery: can the sender see whether a key has been revoked?
  • Append-only: whether the record the mechanism serves is append-only, i.e. a key, once published, cannot later be silently removed or replaced.
  • Consistent global view: whether every querier sees the same answer for an address, so the operator cannot serve different keys to different queriers.
  • Cacheability: can you get the same trust properties when the lookup goes through a cache or proxy?

Mechanisms

  • Key in email as attachment
  • .well-known HTTPS lookup by email address (a standardized transformation of the address gives the lookup URL)
  • DANE (OPENPGPKEY record in DNS, validated with DNSSEC)
  • Keyserver lookup (SKS pool)
  • Mailvelope Keyserver
  • Symantec Global Directory
  • Keybase
  • Google's Key Transparency (based on CONIKS)
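The ".well-known" and DANE entries above both rely on a fixed transformation of the email address into a lookup location, which the page only names. The following is an added example, not code from the summit notes, GnuPG or any of the listed services; it assumes the mapping of the Web Key Directory draft (draft-koch-openpgp-webkey-service, direct method: lowercase local-part, SHA-1, z-base-32, under /.well-known/openpgpkey/hu/) and the OPENPGPKEY owner-name rule of RFC 7929 (SHA2-256 of the local-part as given, truncated to 28 octets, hex, under _openpgpkey). The address "Joe.Doe@Example.ORG" is the WKD draft's own example; "hugh@example.com" is constructed input. SHA-1 is used here purely as a name-mapping function, not for any security property.

```python
"""Derive the lookup address for the well-known (WKD) and DANE mechanisms."""
import hashlib
from typing import Tuple
from urllib.parse import quote

# z-base-32 alphabet, the encoding the WKD draft uses for the hashed local-part.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: the bit string is read MSB-first in 5-bit
    groups, a final partial group is zero-padded on the right, and there is
    no '=' padding.  20 input bytes (a SHA-1 digest) give exactly 32 chars."""
    nbits = len(data) * 8
    nchars = (nbits + 4) // 5
    bits = int.from_bytes(data, "big") << (nchars * 5 - nbits)
    return "".join(
        ZB32_ALPHABET[(bits >> ((nchars - 1 - i) * 5)) & 0x1F]
        for i in range(nchars)
    )


def split_address(addr: str) -> Tuple[str, str]:
    """Split 'local@domain'.  The domain is case-insensitive, so lowercase it;
    the local-part is returned as given because the two mechanisms treat
    its case differently."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    return local, domain.lower()


def wkd_url(addr: str) -> str:
    """Web Key Directory lookup URL (direct method, per the 2016 WKD draft).

    The local-part is lowercased, SHA-1 hashed and z-base-32 encoded to form
    the path element; the original local-part is also sent as ?l= so the
    server can disambiguate addresses that differ only in case."""
    local, domain = split_address(addr)
    digest = hashlib.sha1(local.lower().encode("utf-8")).digest()
    hu = zbase32_encode(digest)
    return (f"https://{domain}/.well-known/openpgpkey/hu/{hu}"
            f"?l={quote(local, safe='')}")


def dane_openpgpkey_name(addr: str) -> str:
    """DNS owner name of the OPENPGPKEY record (RFC 7929, DANE for OpenPGP).

    The local-part is hashed with SHA2-256 as given (RFC 7929 does not fold
    case), the digest is truncated to 28 octets and hex-encoded, and the
    result is placed under the _openpgpkey label of the recipient's domain."""
    local, domain = split_address(addr)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


def lookup_addresses(addr: str) -> dict:
    """Both derived lookup locations for one email address."""
    return {"wkd": wkd_url(addr), "dane": dane_openpgpkey_name(addr)}


if __name__ == "__main__":
    # The WKD draft's own example address; the URL it gives for it ends in
    # hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe
    for mech, target in lookup_addresses("Joe.Doe@Example.ORG").items():
        print(f"{mech:5s} {target}")
    for mech, target in lookup_addresses("hugh@example.com").items():
        print(f"{mech:5s} {target}")
```

Both derived addresses point at the recipient's own domain (its web server for WKD, its DNS zone for DANE), which is why the chart classes these two mechanisms as talking only to the "Provider"; note that a DANE query still exposes the hashed local-part to every resolver on the path, and that only DNSSEC validation, not the hash, gives the answer any integrity.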

Comparison chart

Legend: P/A = passive/active; Y/N = yes/no; Pr = Provider; ? = not determined.

Properties \ Mechanisms | key-in-email | well-known | DANE   | keyserver | mailvelope | symantec | keybase | CONIKS
------------------------+--------------+------------+--------+-----------+------------+----------+---------+-------
passive/active          | P            | A          | A      | A         | A          | A        | A       | A
talks to 3rd party      | No           | Provider   | Pr     | Y         | Y          | Y        | Y       | Pr
central authority       | No           | No         | No     | No        | Y          | Y        | Y       | N
network protocols       | SMTP         | HTTPS      | DNSSEC | hkp/hkps  | https/hkps | LDAP     | HTTPS   | HTTPS
user invisibility       | Y            | Y          | Y      | Y         | Y          | Y        | Y       | Y
user interaction        | (ignored for now)
delay                   | 1 round trip | TCP        | UDP    | TCP       | TCP        | TCP      | TCP     | TCP
ambiguity               | N            | N          | N      | Y         | N          | N        | N       | N
revocation discovery    | ?            | Y          | ?      | Y         | N          | Y        | ?       | ?
append-only             | Y            | Y/N        | N      | Y         | N          | N        | ?       | Y
consistent global view  | N            | N          | N      | N         | N          | N        | N       | Y
cacheability            | N            | Y          | Y      | Y         | N          | Y        | ?       | Y