[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] new keyserver online
From: |
David Shaw |
Subject: |
Re: [Sks-devel] new keyserver online |
Date: |
Sun, 22 Aug 2010 10:47:49 -0400 |
On Aug 22, 2010, at 9:27 AM, Robert J. Hansen wrote:
> While I concur with you, Christoph, there's one minor error that should
> probably be corrected:
>
>> No keyserver is a CA...
>
> Most keyservers are CAs, in that the people who run the keyservers have
> signed other people's keys.
Robert, are you really saying what you seem to be saying? The action of the
owners doesn't make a keyserver a CA. That makes the person running the
keyserver a CA. If I signed a bunch of keys and put them up on my web server,
it wouldn't make my web server a CA. Similarly, if I signed someone's key and
gave it to him on a USB stick, it wouldn't make the USB stick a CA.
Most keyservers are a database plus a web server plus a key distribution
protocol. It's a storage place for keys. The CA is the person/entity issuing
signatures. The method they use to distribute these signatures (be it
keyserver, sneakernet, or morse code) does not change that.
The PGP "Global Directory" keyserver, by comparison, is a CA. It issues the
signatures, and isn't just storage.
David
Re: [Sks-devel] new keyserver online, C.J. Adams-Collier KF7BMP, 2010/08/22
Re: [Sks-devel] new keyserver online, Christoph Anton Mitterer, 2010/08/22
Re: [Sks-devel] new keyserver online, C.J. Adams-Collier KF7BMP, 2010/08/22