On Tue, 12 Apr 2016 15:40, look@my.amazin.horse said:
> I have, and it indeed solves the ddos-problem of keyservers. It still
> requires connectivity, introduces an arbitrary lookup delay, leaks
> metadata, and most importantly - it's not deployed. I would love to see

Running DNS over Tor heavily mitigates the leak of metadata. If you
run a decent gpg version on Windows and Tor is running, gpg will do just
that w/o the need for further configuration. On Unix it is currently
only possible with a patched ADNS version (because upstream is pretty
slow to accept a patch to torify ADNS).

There are privacy-aware mail providers who offer OpenPGP DANE. For
example try my callsign @ posteo.net [1]. We are currently talking to
other mail providers to get them to deploy this or a similar https-based
key location mechanism.

Salam-Shalom,

   Werner

[1] For example by putting this into gpg.conf:

    auto-key-locate local,dane,pka,keyserver

--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
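
To make the metadata point in the message above concrete, the following added example (not part of the message and not GnuPG's code) derives the DNS name an OpenPGP DANE lookup queries and decodes what a resolver or on-path observer reads from that query. It assumes the OPENPGPKEY naming scheme as published in RFC 7929, an ASCII domain, and a constructed address `alice@example.org`; all function names are hypothetical.

```python
import hashlib
import struct

OPENPGPKEY_RRTYPE = 61  # RR type assigned to OPENPGPKEY (RFC 7929)

def dane_owner_name(address: str) -> str:
    """Return the DNS name queried for an address's OPENPGPKEY record."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    # SHA2-256 of the UTF-8 local part, truncated to 28 octets, hex-encoded.
    # Assumption: the local part is hashed as given, with no case folding.
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.rstrip('.')}"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode an unencrypted DNS query for `name`, type OPENPGPKEY, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b""
    for label in name.split("."):
        raw = label.encode("ascii")  # assumption: domain already in ASCII form
        if not 0 < len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 octets")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", OPENPGPKEY_RRTYPE, 1)

def question_seen_on_wire(packet: bytes):
    """Decode the question section: this is what the resolver path can read."""
    pos, labels = 12, []  # the fixed DNS header is 12 octets
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    name = dane_owner_name("alice@example.org")  # constructed sample address
    seen_name, seen_type = question_seen_on_wire(build_query(name))
    # The mail domain travels in clear text; the local part appears as an
    # unsalted hash that is identical for every lookup of the same address.
    print(seen_name, seen_type)
```

The query names the mail domain in clear text and carries a stable hash of the local part, which is why the message routes these lookups over Tor.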