Key Exchange (KX) - A Next Generation Protocol to Synchronise PGP Keyservers

  • Authors:
  • Adrian von Bidder; Nathalie Weiler

  • Venue:
  • WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
  • Year:
  • 2003

Abstract

In the Internet, securing email has always been an important issue. Various standards and products have been created. One of the most successful standards is OpenPGP [4], which uses public key cryptography (RSA [13] and others) and is implemented in systems like Pretty Good Privacy [15], GNU Privacy Guard [8], Hushmail [1] and others.

A well-known difficulty with the use of public key cryptographic systems is the verification and distribution of the public keys. OpenPGP solves the problem of verifying the authenticity of a public key by having users certify each other's keys, building a "Web of Trust" [5] by bundling these key certificates with each user's public key. Therefore, adding a new public key and updating an existing public key (or replacing it by a new version) are the two most important operations of any PGP public key repository.

To allow easy distribution of PGP public keys, the OpenPGP community established a network of open access public keyservers [7], allowing users of OpenPGP software to freely exchange public keys. The nodes of this keyserver network synchronise their database by exchanging new public keys and key updates amongst each other, virtually building one global key database. At the moment, this synchronisation is done with an inefficient and ineffective email-based protocol. This paper describes the implementation of an alternative protocol - KX - on the popular pksd keyserver [6], based on direct TCP connections between the keyservers and unambiguous identifiers for every key update or new key. With the dropping of the dependency on a working mail system and the improved fault mechanisms, KX is a lightweight alternative in terms of used network, disk and CPU resources.