Authoritative PGP Key Servers

With the PRISM scandal in the news, my attention was brought back to an issue that was nagging me a few months ago: even with fast computers in the palm of everyone’s hand and near ubiquitous networking, we don’t use strong encryption in our everyday lives.

For me personally, and I suspect many other Americans, the things I care most about are in my Gmail and Dropbox accounts. For the most part, we trust Google and Dropbox (and others) to keep that data safe and private. PRISM invalidates that trust. It’s unclear the extent to which these organizations participated in PRISM, or even what “participation” means, but it is clear that with FISA, even if they were handing over your data, they wouldn’t be able to tell you about it.

Even without Google’s compliance, if the NSA (or any other party) controls one the email relays between the sender and the recipient, it can read the contents of an email message, as SMTP lacks end-to-end encryption.

That revelation turned my beef with the lack of everyday encryption from a minor annoyance into a serious pain point.

We have an open source, near-military-grade encryption standard in OpenPGP available, but it seems that only the most paranoid and tech-savvy take advantage of it. Why isn’t PGP more widespread?

The Web of Trust can’t grow effectively. In order for Public Key Cryptography to work, you have to trust that a user’s public key is truly the public key of that user, and not someone impersonating that user (or, less maliciously an old public key). PGP solves this problem in a decentralized manner, having users sign each other’s identity certificates to certify them as trusted. If several people you trust have signed another user’s certificate, you can be pretty confident that the identity is accurate. This works great if everyone uses PGP, but at anything but near complete adoption  it runs into issues. New users (with no one to sign their certificates) can’t be trusted at all, and two users without a common connection have no way to secure transmissions.

Too much human intervention. There are some good plugins to make email encryption fairly painless, but it requires that the end user find and maintain a set of public keys for their contacts. There are public key servers to help with the distribution of keys, but they are intended for human users to find the proper key, and encrypt their message with it. This is far too much human intervention, especially for a cryptography solution, to ever become a mainstream activity.

With these issues in mind, I came up with the concept of Authoritative Key Servers: PGP Key Servers designated as the holder of up-to-date and accurate public keys for the users of a domain.

I describe HTTP Authoritative Keyserver Protocol in more detail here, but it essentially allows you to designate a keyserver as authoritative for a particular domain in the DNS records. The designated server will then respond to requests for a particular user’s public key block, and the response can be trusted as up-to-date and accurate.

As a result, if a sender and a recipient have no prior communication and no common links, the sender can trust the DNS records of the recipient’s domain in order to send secure communications, and with a simple plugin, can do so automatically, without user intervention.

This allows adoption of a strong encryption standard to happen at a natural pace - I can use this scheme today, and anyone can send me secure communications [1], but I can still communicate with those that have yet to adopt it.

I created an open source implementation of my Authoritative Keyserver, and anyone can set up their own key server. Alternatively, if you don’t want to host your own keyserver, you can designate my key server (keys.tgriff3.com) as authoritative and send me your public key block.

For email encryption, the creation of a Gmail plugin that automatically looks for an Authoritative Keyserver and encrypts the message contents is the next step.

I’m by no means an crypto expert, so this protocol might be vulnerable to serious security issues that I’m not aware of — please let me know if that’s the case. I know that DNS isn’t the most trustworthy system, which is the achilles heel of this protocol. But it has to be better than the status quo, communication with no encryption.

[1] try it: my email is trey @ this domain, and the authoritative keyserver for this domain is keys.tgriff3.com, meaning you can access my public key block at http://keys.tgriff3.com/users/tgriff3.com/trey . But don’t take my word for it: check my DNS records!