From 90243e99303d6c9294a1c91ce97a5c6ffa1d4d20 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 6 Dec 2023 20:08:18 +0100 Subject: [PATCH] outline koo; add 1pa3pc --- book/source/04-certificates.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index a8ed896..af0da2b 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -628,3 +628,27 @@ Without any restrictions in place, malicious entities can flood a certificate wi It also opens the door to potential denial-of-service attacks, rendering the certificate non-functional or significantly impeding its operation. The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) in 2019, causing significant changes to its operation. + +```{note} +The *keys.openpgp.org* (KOO) service performs a similar function as the SKS-style keyservers. +However, there are major differences in its design and tradeoffs. + +The KOO keyserver was designed to: + +1. conform to [GDPR regulations](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation), and +2. be resistant to flooding-style vandalism. + +To achieve these goals, KOO does not serve identitiy components at all, unless an explicit opt-in has been performed, using a confirmation process vial email. Third-party certifications are also not served by default, but only under very specific circumstances, which preclude flooding. +``` + +### First-party attestation of third-party signatures (1pa3pc) + +First-party attestation of third-party signatures (1pa3pc) was designed as a mechanism for flooding-proof distribution of third-part certifications. + +TODO + +#### Support + +The *keys.openpgp.org* (KOO) keyserver [supports *1pa3pc*](https://gitlab.com/keys.openpgp.org/hagrid/-/commit/39c0e12ac64588220d36bada6497d8396f5915b3). + +The Hockeypuck keyserver software [plans to add support for *1pa3pc*](https://github.com/hockeypuck/hockeypuck/issues/136#issuecomment-1812466084) in version 2.2.0. \ No newline at end of file
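Review bot: the body of the new "First-party attestation of third-party signatures (1pa3pc)" section is a bare `TODO` after a single sentence, so the book would publish a placeholder, and the "Support" subsection below it refers to a mechanism the text never explains. Either write the explanation in this commit or hold the section back until it is ready. Three typos in the added lines need fixing: "identitiy" should be "identity" and "vial email" should be "via email" in the KOO note, and "third-part certifications" should be "third-party certifications" in the 1pa3pc sentence; "a similar function as" also reads better as "a similar function to". The phrase "only under very specific circumstances, which preclude flooding" does not say what those circumstances are; name them or link to where they are documented, since that is the detail a reader concerned about flooding needs. The file now ends without a trailing newline ("\ No newline at end of file"); please add one.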