Re: [Sks-devel] new keyserver online

[Christoph Anton Mitterer]

Hey...

Oh my goodness...


Now listen:

On Sat, 2010-08-21 at 18:54 -0700, C.J. Adams-Collier KF7BMP wrote:
> No.  And I advise all others to avoid peering with you until you can
> prove that you own the private key that will be associated with the
> keyserver.
I was already willing to put some effort into giving you strong
indication, that my key belongs to the owner of my keyserver as you
wanted.

If I'm not missing something substantially (and I don't think so) there
is really nothing which you'd gain from this anyway.
If I send you some encrypted challenge or vice versa, you have neither a
proof that I'm actually "Christoph Anton Mitterer" but only that the
owner of that key has access to that email address (which an attacker
can have easily too, via MiM-attacks).

It neither proves you that the owner of that key is really the owner of
that keyserver, also because of easily possible MiM-attacks.

Obviously you're missing some fundamental parts of how cryptosystems
(and especially the keyserver infrastructure works).
The later is not secured anyway as you can understand from this thread:
http://www.imc.org/ietf-openpgp/mail-archive/msg30930.html


> http://apps.leg.wa.gov/rcw/default.aspx?cite=19.34.210
You might have noticed (e.g. using whois on my IP addresses) that I'm
not living in the state of Washington and not even in the US.
I show's quite some arrogance that you seem to have the impression, that
this law or whatever it is, might have some effect in Europe or Germany.

Apart from the fact, that it seems to be about "licensed certificate
authorities".
No keyserver is a CA...


So next time before making any "unpolite" public statements, please
think twice,.. (or better three times).


Cheers,
Chris.

btw: Of course you're still free to decide with which keyserver you want
to peer, which I did now.