The official PGP user's guide
EKA: Efficient Keyserver using ALMI
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
ALMI: an application level multicast infrastructure
USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3
Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks
In the Internet, securing email has always been an important issue. Various standards and products have been created. One of the most successful standards is OpenPGP [4], which uses public key cryptography (RSA [13] and others) and is implemented in systems like Pretty Good Privacy [15], GNU Privacy Guard [8], Hushmail [1] and others.

A well-known difficulty with the use of public key cryptographic systems is the verification and distribution of the public keys. OpenPGP solves the problem of verifying the authenticity of a public key by having users certify each other's keys, building a "Web of Trust" [5] by bundling these key certificates with each user's public key. Therefore, adding a new public key and updating an existing public key (or replacing it by a new version) are the two most important operations of any PGP public key repository. To allow easy distribution of PGP public keys, the OpenPGP community established a network of open access public keyservers [7], allowing users of OpenPGP software to freely exchange public keys. The nodes of this keyserver network synchronise their database by exchanging new public keys and key updates amongst each other, virtually building one global key database. At the moment, this synchronisation is done with an inefficient and ineffective email-based protocol. This paper describes the implementation of an alternative protocol - KX - on the popular pksd keyserver [6], based on direct TCP connections between the keyservers and unambiguous identifiers for every key update or new key. With the dropping of the dependency on a working mail system and the improved fault mechanisms, KX is a lightweight alternative in terms of used network, disk and CPU resources.