Launching a new keyserver on keys.openpgp.org!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Launching a new keyserver on keys.openpgp.org!

Vincent Breitmoser

Hey sks-devel folks,

the Hagrid team is pleased to announce the launch of our new keyserver, running
at keys.openpgp.org!

https://keys.openpgp.org

Here's the short story:

* Fast and reliable. No wait times, no downtimes, no inconsistencies.
* Precise. Searches return only a single key, which allows for easy key discovery.
* Validating. Identities are only published with consent, while non-identity information is freely distributed.
* Deletable. Users can delete personal information with a simple e-mail confirmation.
* Built on Rust, powered by Sequoia PGP - free and open source, running AGPLv3.

Full news announcement: https://keys.openpgp.org/about/news#2019-06-12-launch

Our primary motivation was to have a place where OpenPGP clients can reliably
and quickly obtain updates to key material (subkeys, revocations, ...), and that
also has as a simple and useful way of key discovery.

Some of the things we do are a bit experimental. For some things we found that
there is no good mechanism at this point, so we decided to drop them for now.
Most notably this includes third party signatures on keys, because they in their
current form the difficulties wrt privacy and spam outweigh their usefulness.

The server implementation Hagrid (as in, "keeper of keys") is developed here:
https://gitlab.com/sequoia-pgp/hagrid
Feel free to file issues if you find anything out of place. Please read our FAQ
first ;)

Huge thanks to Kai for the initial implementation, Justus and Neal for creating
Sequoia and working with me on this, dkg and Paul for testing and tons of
feedback, Phil for providing us with the domain, and of course everyone who
helped us test and polish this thing!

Happy to hear your feedback!

 - V


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Tom at FlowCrypt
Thanks for the effort. I see keys can be retrieved as follows:

Are you also planning to add SKS-compatible endpoints over http? Eg:

Similar for uploading (after which you send your email verification). It may help some users transition.

Is there any counter to see roughly how many keys are available?


On Wed, Jun 12, 2019 at 5:16 PM Vincent Breitmoser <[hidden email]> wrote:

Hey sks-devel folks,

the Hagrid team is pleased to announce the launch of our new keyserver, running
at keys.openpgp.org!

https://keys.openpgp.org

Here's the short story:

* Fast and reliable. No wait times, no downtimes, no inconsistencies.
* Precise. Searches return only a single key, which allows for easy key discovery.
* Validating. Identities are only published with consent, while non-identity information is freely distributed.
* Deletable. Users can delete personal information with a simple e-mail confirmation.
* Built on Rust, powered by Sequoia PGP - free and open source, running AGPLv3.

Full news announcement: https://keys.openpgp.org/about/news#2019-06-12-launch

Our primary motivation was to have a place where OpenPGP clients can reliably
and quickly obtain updates to key material (subkeys, revocations, ...), and that
also has as a simple and useful way of key discovery.

Some of the things we do are a bit experimental. For some things we found that
there is no good mechanism at this point, so we decided to drop them for now.
Most notably this includes third party signatures on keys, because they in their
current form the difficulties wrt privacy and spam outweigh their usefulness.

The server implementation Hagrid (as in, "keeper of keys") is developed here:
https://gitlab.com/sequoia-pgp/hagrid
Feel free to file issues if you find anything out of place. Please read our FAQ
first ;)

Huge thanks to Kai for the initial implementation, Justus and Neal for creating
Sequoia and working with me on this, dkg and Paul for testing and tons of
feedback, Phil for providing us with the domain, and of course everyone who
helped us test and polish this thing!

Happy to hear your feedback!

 - V


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Vincent Breitmoser

Hi Tom,

> Are you also planning to add SKS-compatible endpoints over http? Eg:
> https://keys.openpgp.org/pks/lookup?search=look@...

Of course! This is already supported, your URI just wasn't valid because it
didn't include an "op" paramter:
https://keys.openpgp.org/pks/lookup?op=get&search=look@...
https://keys.openpgp.org/pks/lookup?op=index&search=look@...

This is also documented in our API documentation. I daresay it's even hard to
miss, making up almost half the page?  https://keys.openpgp.org/about/api

> Similar for uploading (after which you send your email verification). It
> may help some users transition.

It is common practice to use `--send-keys` on other people's keys, to publish
new signatures. I also don't want to send out many emails if users have many
user ids. For that reason we probably won't be able to use that API endpoint to
send out email verifications.

I thought about sending out a "welcome" mail to the primary user id when a key
is first uploaded via HKP. This wouldn't be for verification, but just informs
the user about the service, and that their key was just uploaded (by them or
somebody else). But so far this isn't implemented, and it's not too high on my
list of priorities.

> Is there any counter to see roughly how many keys are available?

There is not, but perhaps there should be! I can say that so far (since launch),
there are about 800 verified e-mail addresses. :)

Since we imported the sks-dump as an initial seed, there are also some 5M+ keys
without identities. Wouldn't want anyone to miss revocations that are already
available via SKS when they switch to us.

 - V


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Vincent Breitmoser
In reply to this post by Vincent Breitmoser

Following up on this:

Anyone got some good idea on how to continuously sync certificate updates from
the SKS pool?

We imported the sks dump to keys.openpgp.org, specifically the non-identity
parts.  We did this mostly to ensure that users of keys.openpgp.org will
reliably receive revocations that were uploaded to SKS. However, so far we don't
have a very good concept on how to keep that information up to date.

Of course, we could keep re-importing the dump on a regular basis. That is
a fairly heavy operation though, and I would prefer to receive updates in a more
timely fashion.

I don't know much about SKS. Is it perhaps possible to simply keep a list of
updated fingerprints around? That's essentially the only info needed.  Would be
thankful if anyone more experienced with SKS could lend us a hand here :)

Cheers

 - V


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Andrew Gallagher

> On 16 Jun 2019, at 22:32, Vincent Breitmoser <[hidden email]> wrote:
>
> Anyone got some good idea on how to continuously sync certificate updates from
> the SKS pool?

Run your own SKS server, sync it with the pool, and monitor its logs. You can then schedule a job to request each updated packet in turn from your SKS server and submit it to your hagrid server.

A

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Valentin Sundermann
In reply to this post by Vincent Breitmoser
> Anyone got some good idea on how to continuously sync certificate updates from
> the SKS pool?
>
> We imported the sks dump to keys.openpgp.org, specifically the non-identity
> parts.  We did this mostly to ensure that users of keys.openpgp.org will
> reliably receive revocations that were uploaded to SKS. However, so far we don't
> have a very good concept on how to keep that information up to date.

I think the best way forward would be to implement SKS Recon, this way
the SKS instances would not fall behind the hagrid ones (what's good for
the general network I guess).

I'd suggest to provide an in/out sync interface where something like an
"sks recon adapter" could be plugged in. Such an adapter would strip
away all identity information in- and outwards.

And somewhere in the future hagrid keyservers could synchronize the
approved identity information (or add a pointer for an authoritative
keyserver, or add signed attestations, etc). This would be preferably a
well-thought future-proof implementation-unspecific (you name it)
protocol (might also be that SKS Recon is already this protocol, not sure).

Anyway, I'm really behind adding synchronization to hagrid to split up
the power between multiple instances. I'd like to prevent having a
single complete keyserver at all costs :)

Curious for other opinions.
Valentin


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

William Hay
Thus spake Valentin Sundermann:
> I think the best way forward would be to implement SKS Recon, this way
> the SKS instances would not fall behind the hagrid ones (what's good for
> the general network I guess).
>
> I'd suggest to provide an in/out sync interface where something like an
> "sks recon adapter" could be plugged in. Such an adapter would strip
> away all identity information in- and outwards.

That doesn't seem likely to work.  AIUI the sks recon protocol doesn't just
ensure that all members of the network have a copy of every key but
that they have the same version of each key.  If the recon adapter
only deals in stripped keys then the reconciliation could never finally
succede and I suspect that an SKS server connecting to it would
be launching a DOS attack on itself.

William

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Andrew Gallagher
On 19/06/2019 09:42, William Hay wrote:

> Thus spake Valentin Sundermann:
>> I think the best way forward would be to implement SKS Recon, this way
>> the SKS instances would not fall behind the hagrid ones (what's good for
>> the general network I guess).
>>
>> I'd suggest to provide an in/out sync interface where something like an
>> "sks recon adapter" could be plugged in. Such an adapter would strip
>> away all identity information in- and outwards.
>
> That doesn't seem likely to work.  AIUI the sks recon protocol doesn't just
> ensure that all members of the network have a copy of every key but
> that they have the same version of each key.  If the recon adapter
> only deals in stripped keys then the reconciliation could never finally
> succede
This is correct. To support SKS recon between servers that support a
different subset of key material would require a full implementation of
fake-recon as discussed in the mega-thread here:

http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html

tl;dr: you probably have better things to do with your life. :-)

--
Andrew Gallagher


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Valentin Sundermann
In reply to this post by William Hay
> That doesn't seem likely to work.  AIUI the sks recon protocol doesn't just
> ensure that all members of the network have a copy of every key but
> that they have the same version of each key.  If the recon adapter
> only deals in stripped keys then the reconciliation could never finally
> succede and I suspect that an SKS server connecting to it would
> be launching a DOS attack on itself.

Oh, didn't know that. Do you think it's possible to store this state /
key versions without storing the identity parts? E.g. through keeping
only hashes of it?

Would be more complex than I anticipated and might not be possible at
all, but I'd prefer not having to operate an SKS instance next to the
hagrid one :)

Thanks,
Valentin


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Andrew Gallagher
On 19/06/2019 16:01, Valentin Sundermann wrote:
> Do you think it's possible to store this state /
> key versions without storing the identity parts? E.g. through keeping
> only hashes of it?

Yes, see the linked thread from last year in my previous mail. It's
highly non-trivial.

> Would be more complex than I anticipated and might not be possible at
> all, but I'd prefer not having to operate an SKS instance next to the
> hagrid one :)

Personally, I think it sounds much better than implementing a recon
plugin with extended, untested functionality, just for
backwards-compatibility purposes.

--
Andrew Gallagher


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Launching a new keyserver on keys.openpgp.org!

Brian Minton-4
In reply to this post by Andrew Gallagher
On Sun, Jun 16, 2019 at 11:04:16PM +0100, Andrew Gallagher wrote:
>
> > On 16 Jun 2019, at 22:32, Vincent Breitmoser <[hidden email]> wrote:
> >
> > Anyone got some good idea on how to continuously sync certificate updates from
> > the SKS pool?
>

sks also has an option to send email (using the old pks-compatible
protocol) for new or updated keys.  I have been using that feature to
send keys to an onak keyserver at the.earth.li.  You may ask some sks
operators to add your server as an email destination.

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (235 bytes) Download Attachment