Move the image

Bob Mottram 8 years ago
parent
commit
de37fbc633
2 changed files with 25 additions and 25 deletions
  1. doc/EN/app_keyserver.org (4 additions, 4 deletions)
  2. website/EN/app_keyserver.html (21 additions, 21 deletions)

+ 4
- 4
doc/EN/app_keyserver.org

16
 </center>
16
 </center>
17
 #+END_EXPORT
17
 #+END_EXPORT
18
 
18
 
19
-#+BEGIN_CENTER
20
-[[file:images/keyserver.jpg]]
21
-#+END_CENTER
22
-
23
 The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.
19
 The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.
24
 
20
 
25
 For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.
21
 For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.
26
 
22
 
23
+#+BEGIN_CENTER
24
+[[file:images/keyserver.jpg]]
25
+#+END_CENTER
26
+
27
 * Installation
27
 * Installation
28
 
28
 
29
 ssh into the system with:
29
 ssh into the system with:
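
Review bot: the relocated `[[file:images/keyserver.jpg]]` block (new lines 23-25) still carries no `#+CAPTION:` or `#+ATTR_HTML: :alt ...` line, so the export falls back to the filename as alt text (`alt="keyserver.jpg"` in the generated HTML of this same commit). Since the block is being touched anyway, add a descriptive alt attribute above the link. The commit message "Move the image" also gives no reason for the move; one line on why the image now sits below the introduction would help later readers.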

+ 21
- 21
website/EN/app_keyserver.html

3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5
 <head>
5
 <head>
6
-<!-- 2017-07-30 Sun 18:12 -->
6
+<!-- 2017-07-30 Sun 18:18 -->
7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9
 <title></title>
9
 <title></title>
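
Review bot: the only change in this hunk is the export timestamp comment on line 6 (`18:12` to `18:18`), which will produce a diff every time the page is regenerated whether or not the content changed. Consider exporting with `#+OPTIONS: timestamp:nil` so the committed HTML only changes when the document does. The `<title></title>` on line 9 is also empty, which leaves the page untitled in browser tabs and search results; worth setting one in the source.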
248
 <h1>OpenPGP Key Server</h1>
248
 <h1>OpenPGP Key Server</h1>
249
 </center>
249
 </center>
250
 
250
 
251
-<div class="org-center">
252
-
253
-<div class="figure">
254
-<p><img src="images/keyserver.jpg" alt="keyserver.jpg" />
255
-</p>
256
-</div>
257
-</div>
258
-
259
 <p>
251
 <p>
260
 The <i>web of trust</i> is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.
252
 The <i>web of trust</i> is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.
261
 </p>
253
 </p>
264
 For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to <i>find out how to communicate with others securely via email</i>. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.
256
 For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to <i>find out how to communicate with others securely via email</i>. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.
265
 </p>
257
 </p>
266
 
258
 
267
-<div id="outline-container-org9a238e8" class="outline-2">
268
-<h2 id="org9a238e8">Installation</h2>
269
-<div class="outline-text-2" id="text-org9a238e8">
259
+<div class="org-center">
260
+
261
+<div class="figure">
262
+<p><img src="images/keyserver.jpg" alt="keyserver.jpg" />
263
+</p>
264
+</div>
265
+</div>
266
+
267
+<div id="outline-container-orgfcf6c32" class="outline-2">
268
+<h2 id="orgfcf6c32">Installation</h2>
269
+<div class="outline-text-2" id="text-orgfcf6c32">
270
 <p>
270
 <p>
271
 ssh into the system with:
271
 ssh into the system with:
272
 </p>
272
 </p>
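
Review bot: the heading id on lines 267-269 changes from `org9a238e8` to `orgfcf6c32` although the Installation heading itself is unchanged, and the same churn repeats for the other headings further down this file. Any existing link to `#org9a238e8` breaks after this export. Setting a `:CUSTOM_ID:` property on each heading in the .org source would keep the anchors stable and shrink these generated diffs to the actual image move.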
286
 </div>
286
 </div>
287
 </div>
287
 </div>
288
 
288
 
289
-<div id="outline-container-org671d1b4" class="outline-2">
290
-<h2 id="org671d1b4">How to use it</h2>
291
-<div class="outline-text-2" id="text-org671d1b4">
289
+<div id="outline-container-org8e2baf7" class="outline-2">
290
+<h2 id="org8e2baf7">How to use it</h2>
291
+<div class="outline-text-2" id="text-org8e2baf7">
292
 <p>
292
 <p>
293
 Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the <b>&#x2013;keyserver</b> option. For example to search for a key on your server:
293
 Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the <b>&#x2013;keyserver</b> option. For example to search for a key on your server:
294
 </p>
294
 </p>
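
Review bot: in the context line 293 the gpg option is rendered as `<b>&#x2013;keyserver</b>`, that is an en dash followed by "keyserver", not the two hyphens of `--keyserver`, so copying the option from the page gives a flag gpg will not accept. Marking it as verbatim or code in the .org source (`=--keyserver=` or `~--keyserver~`) should stop the export from converting the double hyphen.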
318
 </div>
318
 </div>
319
 </div>
319
 </div>
320
 </div>
320
 </div>
321
-<div id="outline-container-org8a015fc" class="outline-2">
322
-<h2 id="org8a015fc">Sync with other keyservers</h2>
323
-<div class="outline-text-2" id="text-org8a015fc">
321
+<div id="outline-container-orgf7e93ae" class="outline-2">
322
+<h2 id="orgf7e93ae">Sync with other keyservers</h2>
323
+<div class="outline-text-2" id="text-orgf7e93ae">
324
 <p>
324
 <p>
325
 Key servers avoid censorship or errors by gossiping between each other and cross referencing the data. You can define which other servers your key server will gossip with by going to the <b>Administrator control panel</b>, selecting <b>App Settings</b> then <b>keyserver</b> then <b>Sync with other keyserver</b>.
325
 Key servers avoid censorship or errors by gossiping between each other and cross referencing the data. You can define which other servers your key server will gossip with by going to the <b>Administrator control panel</b>, selecting <b>App Settings</b> then <b>keyserver</b> then <b>Sync with other keyserver</b>.
326
 </p>
326
 </p>
330
 </p>
330
 </p>
331
 </div>
331
 </div>
332
 </div>
332
 </div>
333
-<div id="outline-container-orge9e564a" class="outline-2">
334
-<h2 id="orge9e564a">Possible problems</h2>
335
-<div class="outline-text-2" id="text-orge9e564a">
333
+<div id="outline-container-org7be3c82" class="outline-2">
334
+<h2 id="org7be3c82">Possible problems</h2>
335
+<div class="outline-text-2" id="text-org7be3c82">
336
 <p>
336
 <p>
337
 OpenPGP key servers are not very well defended from flooding attacks. This means that an adversary could just upload a billion keys to destabilize the server and fill it with nonsense to make it unusable. Since key servers are <i>fully open to the public</i> there isn't anything to prevent that from happening.
337
 OpenPGP key servers are not very well defended from flooding attacks. This means that an adversary could just upload a billion keys to destabilize the server and fill it with nonsense to make it unusable. Since key servers are <i>fully open to the public</i> there isn't anything to prevent that from happening.
338
 </p>
338
 </p>