Re: [Sks-devel] PHP/MySQL keyserver

From: Xian Stannard
Subject: Re: [Sks-devel] PHP/MySQL keyserver
Date: Thu, 24 Mar 2011 00:31:36 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv: Gecko/20110303 Thunderbird/3.1.9

On 23/03/2011 22:21, C.J. Adams-Collier KF7BMP wrote:
> On Wed, 2011-03-23 at 21:21 +0000, Xian Stannard wrote:
>> I think it would be nice to have a cloud based PGP/GPG system
> define 'cloud based'?
Similar to what we have already in that public keys are stored (either
centrally or distributed) on the internet and that the code to do the
encryption/decryption is served up to the users if they don't already
have it. Also it would work with the non-cloud PGP implementations we
already have. Is 'cloud' even the right word?

e.g. At the moment I have a copy of my keyrings and GPG on each machine
I use. Instead I'd like to keep keyrings (not secret keys) on the net
somewhere, so when I add a key from my home machine, it's there for me
at work.

Also when I am using webmail, I would like to be able to use
cryptography without sending or receiving any cleartext. So if a server
could serve up as part of the webmail's code some JavaScript or Java
applet or something that could do the encryption in my browser it would
be better than using a webmail plugin that does it on the server, or not
using encryption at all. I'd prefer not to send sensitive messages than
allow a system I don't own to do that on my behalf. I believe there is a
SquirrelMail plugin that does it on the server, but that doesn't sound
nice to me.

Of course more people would use it if one could keep secret keys in the
cloud, but that is a risk. Not a complete risk because the keys
themselves are encrypted but still further than I'm willing to go. I
have the keys on the systems where I use them so a cloud system would
need to accept local keys somehow, or better still I use a non-cloud
encryption software on those systems. I detect a contentious point here,
a trade-off between security and ease of use.

Whereas I'd like to see everyone everywhere using the best security
available, it's never going to happen. I think the next best thing is to
make good security easier and very good security possible. Very good
security is possible, we are using it. But trying to introduce one of my
friends to PGP has forced her to try and get to grips with complexities
that she just doesn't care about. I'd like a system that is better than
cleartext and is simple enough for her to use, that is compatible with
and doesn't reduce the security of my system. Also I think complexity is
hindering the spread of PGP, an otherwise brilliant system.

Depending on how much one trusts cloud stored secret keys, it may be
advantageous to be able to generate a key pair with a flag in it that
means that the cloud would refuse to store the secret part (or even the
served up code would refuse to use it), so senders could decide if they
were willing to trust such keys without such a flag.

The security of the cloud servers and how they communicate with the
served up code is a whole different point. Things like only using SSL
(probably HTTPS), signing the served up code (who by?), and I'm sure
there are other measures that would help. I like the look of OAuth but not
sure if it's the right way to go.

So I guess I've answered a little more than "define 'cloud based'" but
hopefully you understand my thoughts. I guess that all the people on
this list wouldn't need such a thing but it might help bring better
security to others who currently use very little. I'd like to use a
central personal public key ring though.

It's a huge idea for me who doesn't know very much about this sort of
thing yet, but I'm asking if such a thing could be made to work, and if
it would be a good idea to do so.