The keyserver is dead. Long live the keyserver!
PGP encryption features frequently in many well-known IT media publications. After all, it is a well-tested technology that has been around for many years, and we think it is one of the most secure of its kind. However, even with well-established technologies, it is important to put them to the test from time to time, so as to see if they are still fit for purpose.
In light of recent reports about targeted attacks and misuse of public keyservers, we asked Peer Heinlein for his view on the subject of PGP encryption.
Media article, e.g. heise online.
Statement of Peer Heinlein, CEO of mailbox.org
The exchange of public keys is the foundation for secure e-mail communication and this process is often facilitated by public keyservers. The recent attacks have demonstrated to great effect that those keys can be associated with spam signatures on a massive scale, which causes problems with a lot of established PGP software. Some skeptics are now questioning the basic concept of public keyservers, casting doubt on the „Web-of-Trust“ and PGP encryption as a whole along with it.
I think PGP is still a secure and well-established technology that will be with us for some time to come. However, I also think that the mechanisms for exchanging public keys between communication partners should be reviewed and reorganized. This refers in particular to the feature that allows the unchecked signing of keys, which does not have many benefits in practice and could therefore be removed without causing much harm.
mailbox.org has been working on this problem for some time and together with Open-Xchange and the Fraunhofer Institute, came up with a solution that does not require a „Web-of-Trust“, which means there is no need for additional third-party signatures. We provide a dedicated keyserver to our customers, where they can upload their public keys and may also create entirely new key pairs. Thanks to the use of the WKD/WKS standards, the PGP clients used by external users are enabled to correctly identify mailbox.org as the relevant keyserver to talk to. Any keys submitted by our server can be considered trustworthy because they originate from uploads made by registered and authenticated users. This mechanism has been implemented in the current version of the widely used cryptography system GNU Privacy Guard (GnuPG) and appears to be working really well.
Based on the positive experiences we have made, I would like to make a strong case for the further distribution of this solution and ask other providers to follow suit and set up their own keyservers in a similar fashion. Their authenticated users could then upload public keys, and PGP clients can automatically retrieve those keys from a trusted environment. As there are well-established standards underpinning the solution, the implementation is relatively straightforward. I believe organizations like ours should pull together to further the cause of secure e-mail communication for the benefit of our clients and customers. We at mailbox.org invite all domain- and e-mail providers to collaborate with us on this issue. We are more than happy to support others with our expertise and experience to help implement and further develop a PGP infrastructure that is fit for the future.