From de37fbc633749a575bcdc8e529db1f85df3d3948 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 30 Jul 2017 18:19:21 +0100 Subject: [PATCH] Move the image --- doc/EN/app_keyserver.org | 8 +++---- website/EN/app_keyserver.html | 42 +++++++++++++++++------------------ 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/doc/EN/app_keyserver.org b/doc/EN/app_keyserver.org index 2bdda0d9..fe663847 100644 --- a/doc/EN/app_keyserver.org +++ b/doc/EN/app_keyserver.org @@ -16,14 +16,14 @@ #+END_EXPORT -#+BEGIN_CENTER -[[file:images/keyserver.jpg]] -#+END_CENTER - The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side. For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers. +#+BEGIN_CENTER +[[file:images/keyserver.jpg]] +#+END_CENTER + * Installation ssh into the system with: diff --git a/website/EN/app_keyserver.html b/website/EN/app_keyserver.html index 9ba85fa5..1421b6f0 100644 --- a/website/EN/app_keyserver.html +++ b/website/EN/app_keyserver.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -248,14 +248,6 @@ for the JavaScript code in this tag.

OpenPGP Key Server

-
- -
-

keyserver.jpg -

-
-
-

The web of trust is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.

@@ -264,9 +256,17 @@ The web of trust is a nice idea, but how trustable is it? If you take a l For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to find out how to communicate with others securely via email. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.

-
-

Installation

-
+
+ +
+

keyserver.jpg +

+
+
+ +
+

Installation

+

ssh into the system with:

@@ -286,9 +286,9 @@ After the install has completed go to Security settings and select Cre
-
-

How to use it

-
+
+

How to use it

+

Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the –keyserver option. For example to search for a key on your server:

@@ -318,9 +318,9 @@ Or to get a key:
-
-

Sync with other keyservers

-
+
+

Sync with other keyservers

+

Key servers avoid censorship or errors by gossiping between each other and cross referencing the data. You can define which other servers your key server will gossip with by going to the Administrator control panel, selecting App Settings then keyserver then Sync with other keyserver.

@@ -330,9 +330,9 @@ It's a good idea not to try to sync with the popular OpenPGP key servers, becaus

-
-

Possible problems

-
+
+

Possible problems

+

OpenPGP key servers are not very well defended from flooding attacks. This means that an adversary could just upload a billion keys to destabilize the server and fill it with nonsense to make it unusable. Since key servers are fully open to the public there isn't anything to prevent that from happening.