On Tue, 12 Apr 2016 15:49:18 +0200,
Simon Josefsson wrote:
> > I'd like to discuss a thought that has come up in my work on k9 mail:
> > Using OpenPGP in E-Mail without relying on keyservers.
>
> Important use-case.
>
> > If we don't have bandwidth constraints, we can solve this by sticking
> > the public key block right next to every signature we make, which
> > effectively eliminates the need for keyservers (with the possible
> > exception of the distribution of revocation certs). However, it also
> > adds ~10kb of size to every signature. This is a rather extreme
> > approach, and although 10kb are not a lot these days, they add up.
>
> Not necessarily -- I don't think you have to add all signatures to the
> key for this use-case to work, do you? If you just include a stripped
> public key, verification of the signature will work. It should be max
> 1-2kb I would guess.

I think 10kb is accurate. If you have a primary and three subkeys and
all four have a self-signature, then you are about 10k:

$ gpg2 -k 0xAACB3243630052D9
pub rsa3744/0xAACB3243630052D9 2015-04-07 [SC] [expires: 2025-04-04]
Key fingerprint = 8F17 7771 18A3 3DDA 9BA4 8E62 AACB 3243 6300 52D9
uid [ultimate] Neal H. Walfield <neal(_at_)walfield(_dot_)org>
uid [ultimate] Neal H. Walfield <neal(_at_)gnupg(_dot_)org>
uid [ultimate] Neal H. Walfield <neal(_at_)g10code(_dot_)com>
sub rsa2048/0x7223B56678E02528 2015-04-07 [S] [expires: 2017-04-06]
sub rsa2048/0xC2B819056C652598 2015-04-07 [E] [expires: 2017-04-06]
sub rsa2048/0xA3506AFB820ABD08 2015-04-07 [A] [expires: 2017-04-06]
$ gpg2 --export-options=export-minimal --export 0xAACB3243630052D9 | wc -c
9622

Of course, we can leave off the authorization key in this case. But,
we need the primary key to verify the self-signatures, we need the
signing key to verify signatures and we need the encryption key to
encrypt. So, this is pretty minimal.
:) Neal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
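
To see where the bytes of an export like the 9622-byte one in the message above go, this added example (not part of the original thread) walks the OpenPGP packet headers of a binary key export (RFC 4880, section 4.2) and totals the bytes per packet type. The names `packets`, `breakdown` and `SAMPLE` are illustrative assumptions, and `SAMPLE` is constructed padding with valid headers, not a real key.

```python
import sys
from collections import Counter

# Packet tags that occur in a transferable public key (RFC 4880, section 5).
TAGS = {2: "signature", 6: "public-key", 13: "user-id",
        14: "public-subkey", 17: "user-attribute"}

def packets(data):
    """Yield (tag, total size including header) for each OpenPGP packet."""
    i = 0
    while i < len(data):
        start, first, i = i, data[i], i + 1
        if not first & 0x80:
            raise ValueError(f"offset {start}: not a packet header (armored input?)")
        if first & 0x40:                      # new-format header
            tag, l0 = first & 0x3F, data[i]
            if l0 < 192:                      # one-octet length
                length, i = l0, i + 1
            elif l0 < 224:                    # two-octet length
                length, i = ((l0 - 192) << 8) + data[i + 1] + 192, i + 2
            elif l0 == 255:                   # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths do not occur in key packets")
        else:                                 # old-format header
            # Length type 0..2 means 1, 2 or 4 length octets; 3 (n == 8) means
            # an indeterminate length that runs to the end of the input.
            tag, n = (first >> 2) & 0x0F, 1 << (first & 3)
            length = len(data) - i if n == 8 else int.from_bytes(data[i:i + n], "big")
            i += 0 if n == 8 else n
        i += length
        if i > len(data):
            raise ValueError(f"offset {start}: packet is truncated")
        yield tag, i - start

def breakdown(data):
    """Return {packet type: total bytes} for a binary (non-armored) key export."""
    sizes = Counter()
    for tag, size in packets(data):
        sizes[TAGS.get(tag, f"tag-{tag}")] += size
    return dict(sizes)

# Constructed sample: key, user ID and two signature packets with zeroed bodies.
SAMPLE = (b"\x99\x01\xe0" + bytes(480) + b"\xb4\x0a" + bytes(10)
          + b"\x89\x02\x00" + bytes(512) + b"\xc2\xc0\x40" + bytes(256))

if __name__ == "__main__":  # gpg2 --export-options=export-minimal --export KEYID | python3 this_file.py
    for name, size in sorted(breakdown(sys.stdin.buffer.read()).items(), key=lambda kv: -kv[1]):
        print(f"{size:7d}  {name}")
```
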