[Cryptography] Privacy-enhanced OpenPGP
Werner Koch
wk at gnupg.org
Fri Sep 30 05:04:09 EDT 2016
On Thu, 29 Sep 2016 09:31, fw at deneb.enyo.de said:
> Is there software which can do something about this? I could run a
> key server locally and download some key server dump once a week or
parcimonie - privacy-friendly helper to refresh a GnuPG keyring
Description-en: privacy-friendly helper to refresh a GnuPG keyring
parcimonie is a daemon that slowly refreshes a gpg public keyring
from a keyserver.
.
Its refreshes one OpenPGP key at a time; between every key update,
parcimonie sleeps a random amount of time, long enough for the
previously used Tor circuit to expire.
.
This process is meant to make it hard for an attacker to correlate
the multiple performed key update operations.
.
See the included design document to learn more about the threat
and risk models parcimonie attempts to help coping with.
Further, we plan to integrate the features of this tool into GnuPG
proper. Current GnuPG already supports Tor and would use Tor by
default if it is running.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160930/73a1e536/attachment.sig>
More information about the cryptography
mailing list