Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

[Kristian Fiskerstrand]

On 01/14/2018 08:36 PM, Alain Wolf wrote:
> Unfortunately the problem of 95% of the server pool not supporting
> HKPS out of the box remains unresolved. For now.
> 
> My opinion is still the same: Unencrypted HKP should be the exception
> and HKPS the rule. The majority of the pool servers need to be in the
> HKPS pool and HKP then might be slowly phased out and deprecated.

From a security perspective that isn't necessary. OpenPGP is utilizing
object based security, whereby the packets are signed. So HKP has no
security implication.

From a privacy perspective, then yes, using HKPS transport is better,
but it doesn't improve anything if malicious servers are included in
some way that records information anyways, so having all servers
included reduces privacy, it doesn't improve anything, as long as the
pool itself is operational.

And fwiw, none of the geographical sub-pools are doing anything re HKPS,
that is a single global pool.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Timendi causa est nescire
The cause of fear is ignorance

signature.asc
Description: OpenPGP digital signature