1: %        Paper Submission: July 1, 2003 (extended)

2: %        Author Notification: Sep. 15, 2003

3: %        Final Manuscript: Oct. 7, 2003

4: % 	$Id: main.tex,v 1.5 2003/06/16 13:47:04 s-yamane Exp s-yamane $	

5: \documentclass[10pt,twocolumn]{article}

6: %\usepackage{latex8}                    

7: \usepackage{times}                     

8: \usepackage{hyperref} % URL encoding.

9: % ftp://ftp.tex.ac.uk/tex-archive/macros/latex2e/contrib/supported/hyperref/

10: \usepackage[dvips]{graphicx}

11: \begin{document}

12: \title{Rethinking OpenPGP PKI and OpenPGP Public Keyserver}

13: \author{

14:  Shinji Yamane\\

15:  Iwate Prefectural University\\ 

16:  Faculty of Software and Information Science\\ 

17:  Takizawa-aza-Sugo, Takizawa vil. Iwate 0200193 JAPAN\\

18:  {\url{s-yamane@soft.iwate-pu.ac.jp}}

19:  \and

20:  Jiahong Wang\\ Iwate Prefectural University\\ 

21:  pgp-folks@comm.soft.iwate-pu.ac.jp

22:  \and

23:  Hironobu Suzuki\\ Independent Software Consultant\\ 

24:  pgp-folks@comm.soft.iwate-pu.ac.jp

25:  \and     

26:  Norihisa Segawa\\ Iwate Prefectural University\\ 

27:  pgp-folks@comm.soft.iwate-pu.ac.jp

28:  \and

29:  Yuko Murayama\\ Iwate Prefectural University\\ 

30:  Murayama@iwate-pu.ac.jp

31: }

32: \maketitle

33: \thispagestyle{empty}

34: 

35: \begin{abstract}

36: %TITLE: ``Rethinking OpenPGP PKI and OpenPGP Public Keyserver''\\

37:  OpenPGP, an IETF Proposed Standard based on

38: PGP\textregistered\ application, has its own Public

39: Key Infrastructure (PKI) architecture which is different from the one

40: based on X.509, another standard from ITU. This paper describes

41: the OpenPGP PKI; the historical perspective as well as its current use.

42: We also compare three PKI technologies standardized by IETF:

43: OpenPGP, PKIX(X.509), and SPKI/SDSI.

44: %Finally we propose a new design and implementation for the next

45: %generation OpenPGP public keyserver.

46: 

47: Since the OpenPGP PKI works without a registration authority nor

48: certification authority, it fits well with the Internet communication

49: with voluntary community.

50:  For example, the digital signature for email including the security

51: patch program of free software is usually signed by not an authorized

52: organization but the cross-PGP-signed individuals who belong to

53: different organizations or nations.

54: 

55: The current OpenPGP PKI issues include the capability of a PGP keyserver and

56: its performance. PGP keyservers have been developed and operated

57: by volunteers since the 1990s. The keyservers distribute, merge, and

58: expire the OpenPGP public keys.

59: Major keyserver managers from several countries have built the globally

60: distributed network of PGP keyservers. However, the current PGP Public

61: Keyserver (pksd) has some limitations. It does not support fully the

62:  OpenPGP format so that it is neither expandable nor flexible, without

63: any cluster technology.

64: 

65: Finally we introduce the project on the next generation OpenPGP 

66: public keyserver called the OpenPKSD, lead by Hironobu Suzuki, one of the

67: authors, and funded by Japanese Information-technology Promotion Agency(IPA).

68: %The OpenPKSD is developed by Hironobu Suzuki

69: %and has been distributed its developers' version under GPL.

70: \end{abstract}

71: \setcounter{tocdepth}{4}

72: %\tableofcontents

73: 

74: %------------------------------------------------------------------------- 

75: \section{Introduction}

76: 

77: Authentication is an essential factor of information security in network

78: society.

79: The difficulty of building a Public-Key Infrastructure (PKI) is a major

80: impediment to strong authentication.

81: Without PKI, we cannot trust neither digital signature nor certification

82: based on the public key cryptosystem via wide-area network.

83: 

84: In following section \ref{sec:PKI} and \ref{sec:PKIs}, we overview the

85: PKI architecture comparing several models. In

86: section \ref{web_of_trust}, we examine a PKI without authorities which

87: is presented by the OpenPGP technology and compare it with the other

88: models.

89: % for Pros and Cons. 

90: Then we point out the role of the PGP

91: keyserver in section \ref{sec:keyserver}

92: and introduce the next generation OpenPGP public keyserver

93: project in section \ref{OpenPKSD}. 

94: Finally we give some conclusions.

95: 

96: \section{PKI architectures}\label{sec:PKI}

97: PKI has three core functions as follows to manage 

98: the users' certification and trust relations

99: ~\cite[s.v. ``public-key infrastructure'']{FYI36}:

100: \begin{enumerate}

101:  \item to register users and issue their public-key certificates

102:  \item to revoke certificates when required

103:  \item to archive data needed to validate certificates at a much later

104:     time

105: \end{enumerate}

106: % 

107: To operate these three functions with many users on a large-scale network,

108: many PKI have a hierarchical structure for CAs

109: and are built using a centralized architecture.

110: However there are alternatives.

111: 

112: PKI is categorized by the architecture types as follows:

113: 1) hierarchical PKI, 2) mesh PKI, and 3) trust-file PKI~\cite[s.v. ``trusted certificate'']{FYI36}. 

114: The difference is the way how they rely on CA (Certification Authority).

115: A hierarchical PKI has the most significant CA in terms of trust 

116: at the root of the hierarchy tree.

117: A mesh PKI has CAs issue cross-certificates to each other.

118: A trust-file PKI has a local file of public-key

119:  certificates that the user trusts as starting points

120:  for certification chain.

121: 

122: For example, popular browsers are distributed with an initial file of

123: trusted certificates, the starting points for certification paths. 

124: The initial file is different between among the each PKI

125: architecture. 

126:  In a hierarchical PKI, the initial file is the root certificate in a

127: hierarchical PKI. It is usually ``baked into'' the browsers with no 

128: decisions by the users to trust them. In a mesh PKI, it is the

129: certificate of the CA that issued the user's own certificate. 

130: And in a trust-file PKI, any

131: certificates including self-signed certificates

132: accepted by the user can be the first public key in a certification path.

133: 

134: \section{PKI standards}\label{sec:PKIs}

135: To build PKIs, different standards are developed.

136: They are based on their own framework and architecture and they are never

137: the same.

138: This section compares different PKI architectures:

139: 1) X.509 standard from ITU,

140: 2) OpenPGP, an IETF Proposed standard based on PGP\textregistered\

141: application,

142: and

143: 3) SPKI, another standards based on the theoretical research.

144: 

145: %\subsection{X.509-based PKI}

146: X.509 is the earliest framework

147: to provide and support authentication 

148: including formats for X.509 public-key

149: certificates, X.509 attribute certificates, and X.509 CRLs.

150: X.509 is the hierarchical PKI that a CA, central digital certificates

151: issuer, is responsible for managing the certificates.

152: % CA$B$N5!G=$K$OEPO?5!G=$b4^$^$l$k$,!$$=$N5!G=$OEPO?5!4X(B (RA)$B$K0QBw$5$l$k>l9g(B

153: % $B$b$"$j!$I,$:$7$b(BCA$B<+$i$,EPO?$r9T$J$&I,MW$O$J$$!%(B

154: 

155: Historically, X.509 was standardized by ITU-T (Inter\-national

156: Tele\-communication Union Tele\-communication sector, formerly CCITT) and

157: turned to be ISO standard.

158: X.509 follows the X.500 directory service and provides an example of

159: reliable authentication and certification.

160: In practice, developers relax the strict X.500 service scheme.

161: For example, 

162: X.509v3 (Version 3) certificate has ``extensions'' field for 

163: flexible operation.

164: % (see table \ref{table:X.509v3})$B!%(B

165: % 

166: %\onecolumn

167: %\begin{table}[h]

168: % \begin{center}

169: % \begin{tabular}{|l|l|}

170: %  \hline

171: %   1. version        & Identifies v1, v2, or v3. \\ 

172: %   2. serialNumber     & Certificate serial number; \\ 

173: %                & an integer assigned by the issuer. \\ 

174: %   3. signature       & OID (object identifier) of algorithm \\ 

175: %                & that was used to sign the certificate. \\ 

176: %   4. issuer        & DN (distinguished name) of the \\ 

177: %                & issuer (the CA who signed). \\ 

178: %   5. validity       & Validity period; a pair of UTCTime \\ 

179: %                & values: ``not before'' and ``not after''. \\ 

180: %   6. subject        & DN of entity who owns the public key. \\ 

181: %   7. subjectPublicKeyInfo & Public key value and algorithm OID. \\ 

182: %   8. issuerUniqueIdentifier & Defined for v2, v3; optional. \\ 

183: %   9. subjectUniqueIdentifier & Defined for v2, v2; optional. \\ 

184: %   10. extensions       & Defined only for v3; optional. \\ 

185: %  \hline

186: % \end{tabular}

187: % \end{center}

188: % \caption{X.509 public-key certificate}\label{table:X.509v3}

189: %\end{table}

190: %\twocolumn

191: 

192: IETF had discussed about the design based on

193: X.509 framework from each applications to general PKI.

194: % S/MIME (Secure/Multipurpose Internet Mail Extensions) and 

195: % PKCS (Public-Key Cryptography Standards)~\cite{RFC2986} proposed by 

196: % RSA Data Security and standardized by 

197: % IETF S/MIME Working Group

198: % ({\url{http://www.ietf.org/html.charters/smime-charter.html}}).

199: %

200: % S/MIME$B$NG'>Z5!9=$O(BPKIX Working Group$B$N(B

201: % $B:n6H$K4p$E$$$F9T$J$o$l$k$3$H$K$J$C$F$*$j!$N>%0%k!<%W$OL)@\$J4X78$K$"$k!%(B

202: % S/MIME$B$K$D$$$F$O(BRFC 2311, 2312$B$K$F5,3J2=$5$l!$$=$l$rF'$^$($?(B

203: % $B%$%s%?!<%M%C%H$G$N(BX.509$B$K$D$$$F$O(BRFC 2459$B$K$F5,3J2=$5$l$F$$$k!%(B

204: Internet standards for X.509 PKI framework is developed 

205: at IETF Public-Key Infrastructure (X.509) Working Group. 

206: % (PKIX, {\url{http://www.ietf.org/html.charters/pkix-charter.html}}).

207: PKIX not only profiles X.509 standards, but also

208: develops new standards apropos to the use of X.509-based PKIs in the

209: Internet.

210: 

211: One of the most popular implementations of X.509-based PKI

212: is OpenSSL ({\url{http://www.openssl.org/}}, formerly SSLeay).

213: OpenSSL is a set of Open Source

214: cryptography libtaries including X.509 CA operation scripts

215: and distributed freely, such as a part

216: of PKI package for either commercial or non-commercial purpose.

217: % 

218: % OpenSSL$B$OEv=i$O0E9fM"=P5,@)$N$+$+$i$J$$(BSSL$B%i%$%V%i%j$H$7$F?M5$$r(B

219: % $B=8$a!$:#F|$G$OF3F~$,4JC1$J(BPKI$B%i%$%V%i%j$H$7$F$b;H$o$l$F$$$k!%(B

220: 

221: %\subsection{OpenPGP PKI}

222: %This section describes OpenPGP PKI from the historical background as well as

223: %its current use.

224: 

225: % \subsubsection{PGP}

226:  OpenPGP is the standard based on Pretty Good Privacy\textregistered\

227: (PGP\textregistered) application which is developed by 

228: Philip Zimmermann~\cite{garfinkel94}.

229: PGP\textregistered\ is provided as 

230: commercial version and `freeware' version for

231: non-commercial/non-governmental purposes only.

232: 

233: The specification of PGP is standardized as OpenPGP by IETF OpenPGP Working Group.

234: %({\url{http://www.ietf.org/html.charters/openpgp-charter.html}}).

235: Today 

236: ``Open\-PGP Message Format'' is defined in RFC2440~\cite{RFC2440}

237: and to be updated~\cite{RFC2440bis08}.

238: % 

239: % 2002$BG/$^$G$K(BRFC$B2=$5$l$?$b$N$G!$M-8z$J$b$N$O0J2<$N$b$N$G$"$k!%(B

240: % \begin{description}

241: % \item[RFC2440, `` OpenPGP Message Format''] 

242: % OpenPGP $B$rDj$a$?5,3J!%(B

243: % 	  RFC 1991, ``PGP Message Exchange Formats''$B$O(BPGP$B%P!<%8%g%s(B2$B$r(B

244: % 	  $B$b$H$K:n$i$l$?5,3J$@$,!$(BRFC 2440$B$O(BPGP$B%P!<%8%g%s(B5$B0J9_$r$b$H$K(B

245: % 	  $B$7$F:n$i$l$??7$7$$5,3J$G$"$k!%(B1998$BG/H/9T!%(B\\ 

246: % 	  2003$BG/(B5$B7n8=:_!$MxMQ$G$-$k0E9f%"%k%4%j%:%`$N8+D>$7$J$I$r9T$J$C(B

247: % 	  $B$?2~D{HG(B~\cite{RFC2440bis08}$B$r:vDjCf$G$"$k!%(B

248: % \item[RFC3156, ``MIME Security with OpenPGP''] 

249: % 	  RFC2015, ``MIME Security with Pretty Good Privacy (PGP)''$B$r2~D{$7$?$b$N!%(B

250: % 	  $BJLL>(B OpenPGP /MIME$B$H$b8F$P$l$k!%(B2001$BG/H/9T!%(B

251: % \end{description}

252: % 

253: % \subsubsection{GNU Privacy Guard}

254: The most popular OpenPGP implemenation is 

255: GnuPG (GNU Privacy Guard), developed by Free Software Foundation

256: and maintained by Werner Koch of GUUG (German Unix Users Group).

257: % 

258: % Version 0.0.0$B$O(B1997$BG/(B12$B7n$K%j%j!<%9$5$l!$8=:_$K;j$k$^$G3hH/$K(B

259: % $B3+H/$,?J$a$i$l$F$$$k!%(B

260: % 2002$BG/(B2$B7n$N;~E@$G:G?7HG$O(BVersion 1.0.6$B$G$"$k!%(B

261: % GnuPG$B$NFCD'$H$7$F!$(B

262: % GNU Public License$B$K=>$C$F!$>&MQHs>&MQ$rLd$o$:(B

263: % $B<+M3$K2~NI$d:FG[I[$,$G$-$k$3$H$,5s$2$i$l$k!%(B

264: % $B$^$?FC5v$G@)8B$5$l$?%"%k%4%j%:%`$rA4$/;H$C$F$$$J$$$?$a$K!$(B

265: % $BFC5v>e$NMxMQ@)8B$b$J$$$H$$$&FCD'$r;}$C$F$$$k!%(B

266: % $B$?$H$($P(BRSA$B0E9f$OFC5v@)8B$,$"$k$?$a$KI8=`%Q%C%1!<%8$K$O4^$^$l$J$+$C$?$,!$(B

267: % 2000$BG/(B9$B7n$N(BRSA$B%"%k%4%j%:%`$N(BPublic domain$B2=$K$H$b$J$$!$(B

268: % $B%P!<%8%g%s(B1.0.4$B$+$i$O(BRSA$B$,I8=`$G;H$($k$h$&$K$J$C$?!%(B

269: %

270: Either PGP or GnuPG has been known as email cryptography software firstly, 

271: however they has become the general purpose data encryption tool,

272: including key exchange over Internet, trust computation, etc.

273: In the following sections, we examine the only PKI part of OpenPGP.

274: %

275: % ($B$?$@$7%$%s%?!<%M%C%H$rMxMQ$9$k%f!<%6$,:G$bB?$/MxMQ$9$k%5!<%S%9$O(B

276: % $B%a!<%k$G$"$k$N$G!$7k2LE*$K(B OpenPGP $B$,B?$/MxMQ$5$l$k>lLL$O%a!<%k$G$"$k$3(B%$B$H$O;v<B$G$"$k!%(B

277: % OpenPGP $B$O=PNO%U%)!<%^%C%H$r%P%$%J%j$b$7$/$O%"%9%-!<(B (Radix-64$B7A<0(B)$B$G(B

278: % $BNO$G$-$k$?$a!$%"%9%-!<=PNO$5$l$?7k2L$r%a!<%k$=$NB>$N%a%C%;!<%8(B

279: % $B$KD%$j$D$1$F(B

280: % $B%"%9%-!<7A<0$N%F%-%9%H%U%!%$%k$H$7$FAw$k$3$H$O%$%s%?!<%M%C%H$G$O(B

281: % $B9-$/9T$o$l$F$-$?!%(B)

282: 

283: %\subsection{SPKI}

284: It is worth to point out another possible architecture, as 

285: we sometimes take an closed binary question such as ``X.509 or OpenPGP,

286: which is better?'', not as 

287: ``Which PKI will be the appropriate solution for different usage-scenarios?''.

288: %

289: There exists another PKI standardized by IETF --- SPKI (Simple Public Key

290: Infrastructure).

291: IETF SPKI Working Group

292: % ({\url{http://www.ietf.org/html.charters/spki-charter.html}})

293: finished its initial standardization process

294: and bring into the inter-operation stage~\cite{Ninghui2000,RFC2693}.

295: It is also called SPKI/SDSI as it is a joint force with SDSI (Simple

296: Distributed Security Infrastructure) research.

297: % by Rivest and Lampson.

298: SPKI is designed with distributed and scalable architecture in

299: many aspects, i.e., no single root CA, no globally distinguished name,

300: and flexible validity periods~\cite{Adams1991,Adam1997}.

301: %suited to the operation with WWW better than X.509

302: 

303: % $B!Z:o=|![(B

304: % \begin{table}

305: % \begin{center}

306: %  \begin{tabular}{|c||c|c|}

307: %  \hline

308: %  $BG'>ZJ}<0$N<oN`(B & $BG'>Z6I(B (CA)$B$NFC@-(B & $B<1JL;R$NFC@-(B \\ 

309: %  \hline \hline

310: %  X.509 & $B3,AX2=(B & $B%0%m!<%P%k(B\\ 

311: %  & $BG'>Z<B;\5,Dx(B (CPS)$B$J$7(B & (X.500$B<1JL;R(B) \\ 

312: %  \hline

313: %   OpenPGP & Web of Trust & $B%0%m!<%P%k!$%f%K!<%/(B\\ 

314: %  & & ($BEE;R%a!<%k%"%I%l%9(B)\\ 

315: %  \hline

316: %  SPKI/SDSI & $BC10l$NL?L>6I(B & $B%m!<%+%k(B \\ 

317: %  & $BG'>Z<B;\5,Dx(B (CPS)$B$J$7(B & \\ 

318: %  \hline

319: %  SPKI without names & $B5v2DG'>Z(B & $B%0%m!<%P%k!$%f%K!<%/(B \\ 

320: %  & $BK\?M@-$H8x3+80(BID$B$NJ,N%(B & ($B>WFM:$Fq$J8x3+80(BID)\\ 

321: %  \hline

322: %  \end{tabular}

323: % \end{center}

324: %  \caption{Comparison of Certificate Types}\label{SPKI}

325: % \end{table}

326: 

327: Table \ref{table:SPKI/SDSI} shows the technical comparison 

328: of X.509, OpenPGP, and SPKI/SDSI

329: based on the analysis by Clarke~\cite{Clarke2001}.

330: 

331: %% table $B8e$m$K0\F0(B %%

332: 

333: \section{Certification without Authority}\label{web_of_trust}

334: 

335: \subsection{From Face-to-Face to Web of Trust}

336: Without a certification authority,

337: the problem of trusting keys arise 

338: to assess applicants before giving out certificates.

339: %

340: In OpenPGP, there are no official mechanism for creating certificates,

341: no officail channel for acquiring and distributing. 

342: It makes the

343: process of certification into the face-to-face, {\it ad hoc} situation.

344: Each end user is respobsible to decide which certificate (public key of

345: an user) is trusted and accepted to be added into their local trust-file

346: (denoted ``keyring'' in PGP).

347: 

348: This certification process does not require a trusted, monitored

349: registration authority or certification authority, however, it lacks

350: scalability.

351: So since PGP\textregistered\ 2.0~\cite[pp.~201--203]{Levy2001},

352: ``web of trust'' model that PGP signer acts as an introducer between

353: people had been supported.

354: % PGP 2.0 in 1992 

355: % ``He[Zimmermann] didn't have the wherewithal, or money, to set up a closely

356: % monitored certification authority to distribute and verify public keys.''

357: % ~\cite[p.~201]{Levy2001}

358: 

359: Figure \ref{fig:pki.eps} illustrates the model of hierarchical PKI and 

360: web of trust.

361: 

362: \vspace{1.0cm}

363: \begin{figure}[h]

364:  \begin{center}

365:  \includegraphics[width=3.0in]{pki.eps}

366:  \end{center}

367:  \caption{Hierarchical PKI and Web of Trust~\cite{Caronni2000}}\label{fig:pki.eps}

368: \end{figure}

369: 

370: % PGP$B$O0E9f2=$7$?$j$=$l$rI|9f$9$k$@$1$G$O$J$/!$8x3+800E9f$r;H$C$?(B

371: % $BEE;R=pL>$r$9$k;v$,$G$-$k!%$7$+$7$J$,$i(BPGP$B$G$O!$(B

372: % $B$=$N8x3+80$d=pL>$,K\?M$N$b$N$G$"$k$+$I$&$+$rJ]>Z$9$k5!4X$OB8:_$;$:!$(B

373: % $BMxMQ<T$O<+J,<+?H$G?.Mj@-$rH=CG$9$k$h$&$K@_7W$5$l$F$$$k!%(B

374: 

375: % OpenPGP $B$O!$(BX.509$B$GDs0F$5$l$?%b%G%k$H$O0[$J$kFH<+$N(BPKI$B$K$h$C$F(B

376: % $BEE;R=pL>$NG'>Z$r9T$J$&!%(B

377: % OpenPGP $B$G$O8x3+800E9f$,K\?M$N$b$N$G$"$k$+$I$&$+$r(B

378: % $BKvC<MxMQ<TF1;N$,8D?M%l%Y%k$GG'>Z$9$k%b%G%k$r:NMQ$7$F$$$k!%(B

379: % $B$D$^$j!$$I$N>ZL@=q$r?.Mj$7$F$I$N>ZL@=q$rGS=|$9$k$+$O(B

380: % CA$B$G$O$J$/3FMxMQ<T$,@UG$$rIi$&!%(B

381: % ``Web of Trust'' ($B?.Mj$NNX(B)$B$HI=8=$5$l$F$$$k(B

382: % PGP2.0$B$+$iDs6!$5$l$F$$$k(B~\cite[pp.~201--203]{Levy2001}$B!%(B

383: 

384: % $BMxMQ<T<+?H$,H=CG$9$k:]$NH=CG:`NA$H$7$F!$(BPGP$B$O<+J,$,?.Mj$7$?>R2p<T$N(B

385: % $B=pL>$r?.MQ$9$k$H$$$&<jCJ$rDs6!$7$F$$$k!%$3$N?.Mj$N$D$J$,$j$O(B

386: % Web of Trust ($B?.Mj$NNX(B)$B$H8F$P$l$F$*$j!$(B

387: % $B$3$N?.Mj$NNX$N%M%C%H%o!<%/$,$*$h$VHO0O$K$*$$$F(B

388: % PGP$B$O%;%s%?!<$rI,MW$H$;$:$K0BA4$J%3%_%e%K%1!<%7%g%s$r9T$J$&$3$H$,$G$-$k!%(B

389: 

390: \subsection{Internet Usage Scenarios}

391:  OpenPGP has its own market which is different with X.509,

392: and OpenPGP community has grown in a global Internet.

393: %$B$3$l$G$OBg5,LO$JG'>Z%7%9%F%`$N1?1D$K$OIT8~$-$@$H8@$($k$+$b$7$l$J$$!%(B

394: %$B$7$+$7$J$,$i!$(BPGP/GnuPG$B$OA4@$3&5,LO$N%$%s%?!<%M%C%H%3%_%e%K%F%#$K$*$$$F(B

395: %$BMxMQ$5$l$F$-$?!%(B

396: 

397: The most famous and critical use might be security alerts.

398: FIRST (Forum of Incident Response and Security Teams) and its members

399: including CERT(Computer Emergency ResponseTeam)/CC(Coordination Center)

400: have their official PGP/GnuPG public keys publicly available~\cite{First2001},

401: and have signed their alerts with their own PGP/GnuPG key.

402: 

403: Usenet, operated by volunteer NetNews managers, is another example of

404: the distributed network with OpenPGP PKI. The digital signature for

405: Usenet control commands should be signed with PGP keys of represented

406: voluntary managers since 1990s~\cite{pgpcontrol}.

407: %$B$?$H$($P!$%K%e!<%9%0%k!<%W$GG[?.$5$l$k%3%s%H%m!<%k%a%C(B

408: %$B%;!<%8$X$N(BPGP$B=pL>$O(B1990$BG/Be$+$i$9$G$K<BMQ2=$5$l$F$$$k(B

409: %$B$3$l$O!$%a%C%;!<%8$rCf7Q$9$k@$3&3FCO$NL5?t$N%K%e!<%9%5!<%P$,(B

410: %$B%3%s%H%m!<%k%a%C%;!<%8(B ($B%K%e!<%9%0%k!<%W4IM}$K4X$o$kFCDj$N%a%C%;!<%8(B)$B$X$N(B

411: %$B=pL>$r<+F0E*$K8!>Z$9$k;EAH$_$G$"$k!%(B

412: 

413: %$B!Z0J2<$N%U%j!<%=%U%H%&%'%"$d%3%9%H$N9M;!$O$3$3$G$O07$o$J$$!%![(B

414: %$B%K%e!<%9%0%k!<%W$X$NG[?.<u?.$K$OBh;0<T5!4X$NEPO?$OI,MW$J$/!$(B

415: %$B%K%e!<%9%5!<%P$H(BPGP/GnuPG$B$rF3F~$7$F(B

416: %$B%3%s%H%m!<%k%a%C%;!<%8MQ$N8x3+80>pJs$r@_Dj$9$l$PC/$b$,$3$NEE;R=pL>(B

417: %$B%7%9%F%`$rMxMQ2DG=$G$"$k!%(B

418: %$B$3$N%7%9%F%`$,<BMQ2=$5$l$?M}M3$H$7$F!$%=!<%9%3!<%I$*$h$S%I%-%e%a%s%H$,$9$Y$FL5(B

419: %$BNA$G8x3+$5$l$F$$$kE@$b$"$2$i$l$k!%(B

420: %INN, C News, DNews, ANU News$B$H$$$C$?<gMW%K%e!<%9%5!<%P$,(B

421: %$BB.$d$+$K$3$N5!9=$r<BAu$G$-$?$N$b!$$3$N%*!<%W%s%=!<%9$NMxE@$r@8$+$7$?(B

422: %$B$?$a$@$H9M$($i$l$k!%(B

423: 

424: %$B$3$N$h$&$K8+$k$H!$(B OpenPGP $B$KE,$7$F$$$k$N$O!$(B

425: % ($B%K%e!<%9%0%k!<%W$N$h$&$K(B)

426: %$BMxMQ$K:]$7$FBh;0<T5!4X$NEPO?G'>Z$rI,MW$H$7$J$$%7%9%F%`$G$"$j!$(B

427: %$BKvC<F1;N$,?o;~%a%C%;!<%8$r8r49$7G'>Z$r9T$J$&%"%I%[%C%/$J%7%9%F%`(B

428: %(peer-to-peer$B%7%9%F%`(B)$B$G$"$k!%(B

429: %$B:#8e$5$i$J$k3+H/$*$h$S<BMQ2=$,8+9~$^$l$k(Bpeer-to-peer$B%7%9%F%`$G$O!$(B

430: %$B%;%-%e%j%F%#$d%"%+%&%s%?%S%j%F%#$rJ]>Z$9$k$?$a$K(B OpenPGP $B$N(B

431: %``Web of Trust''$B$NMxMQ$,?J$`$H9M$($i$l$k!%(B

432: %

433: %$B$^$?!$Dc%3%9%H$G(BPKI$B$r9=C[$9$k>l9g$K$b(B OpenPGP $B$*$h$S4XO"$9$k%*!<%W%s%=!<%9(B

434: %$B%=%U%H%&%'%"$NMxMQ$OM-8z$@$H9M$($i$l$k!%(B

435: %

436: %$B$=$l$KBP$7$F!$(BX.509$B$N(BPKI$B$O!$%"%I%[%C%/$JEPO?(B/$BG'>Z:n6H$K$OE,$7$F$$$J$$$,!$(B

437: %$B7QB3E*$D0BDj$7$?G'>Z%5!<%S%9$KE,$7$F$$$k!%(B

438: 

439: \subsection{What is the Web of Trust?}

440:  OpenPGP provides key management and certificate services

441: using local trust-file PKI.

442: The more signature is accepted, the more trust-file generated.

443: Figure \ref{fig:phillylinux.ps} is an example of a trust-file

444: visualized the relashonship of OpenPGP signature.

445: This graph illustrates who introduce the other or who meets with face-to-face,

446: in other words, whose key signed the others' public key.

447: There are no central authorities but multiplexed indivisual

448: relationships in a community.

449: 

450: % $B?^(B\ref{fig:debian.ps}$B$O!$(B

451: % $B%U%j!<%=%U%H%&%'%"(BDebian$B$N3+H/<T%0%k!<%W$N3+H/<T$,;H$C$F$$$k8x3+80(B

452: % $B$N=pL>4X78$r2r@O$7!$%0%i%U2=$7$?$b$N$G$"$k!%(B

453: % 1$B8D$N8x3+80$O4v$D$+$NItIJ(B ($B%Q%1%C%H(B)$B$+$i9=@.$5$l$F$$$k!%(B

454: % $B$3$l$O8x3+80%Q%1%C%H$d8x3+80$X$N=pL>%Q%1%C%H$H8F$P$l$F$$$k$,!$(B

455: % $B$3$N%Q%1%C%H$rD4$Y$k$3$H$K$h$C$F$=$N8x3+80$K=pL>$7$F$$$k$N(B

456: % $B$,C/$J$N$+$r8!>Z$9$k$3$H$,$G$-$k!%(B

457: 

458: \begin{figure}[h]

459:  \begin{center}

460:  \includegraphics[width=3.3in]{phillylinux.ps}

461:  \end{center}

462:  \caption{Visialized Web of Certificate~\cite{springgraph}}\label{fig:phillylinux.ps}

463: \end{figure}

464: 

465: 

466: % $B$3$N$h$&$K$7$F!$(BPGP$B$N$d$j$H$j$K$*$1$k?.MQ$NH=CG:`NA$H$J$k(B

467: % $B4X78$N$D$J$,$j!$$9$J$o$A=pL>4X78$rL\$G8+$?>l9g!$(B

468: % $B>e0L$b2<0L$b$J$$!$=E$J$j2q$&8D?MF1;N$N4X78$H$J$k$3$H$,M}2r$G$-$k!%(B

469: % 

470: % $B$?$@$7!$$3$l$O?.Mj4X78$rI=$o$9$b$N$G$O$J$$!%(B

471: % $B$3$l$K$D$$$F$O<!$G@bL@$9$k!%(B

472: 

473: %\subsection{Trust Signature}

474: However, this graph is not a ``web of trust'' but just a ``web of

475: certificates''.

476:  OpenPGP separate the trustworthy from validity of cerfiticate.

477: For example, the amount of trust of the introducer and unknown newcomer is

478: different for an OpenPGP user.

479: Even if their certification is valid, the issuer of the key is not 

480: an authority but the users own. 

481: So OpenPGP users should be responsible on

482: ``Whose keys should be taken as valid but untrusted?''~\cite[p.~81]{Stajano2002}.

483: 

484: In OpenPGP, users issue their signature to the other's public key with

485: their degree of trust. This is denoted ``trust signature'' and

486: represented as (trust level, trust amount)

487: with OpenPGP key management and certificate service.

488: An ordinary valid signed key is trust level 0, and 

489: The signed key is asserted to be a valid trusted introducer

490: is level 1.

491: Level 2 means ``meta introducer'' or ``introducer-of-introducer''

492: that its signed key is asserted to be trusted 

493: to issue level 1 trust signatures.

494: (Generally, as the introducer is more trustworthy,

495: a level $n$ trust signature asserts that a key is trusted to

496: issue level $n-1$ trust signatures.)

497: The trust amount is in a range from 0--255,

498: and appointed 60 for partial trust and 120 for complete trust~\cite[s.v. ``Trust Signature'']{RFC2440}.

499: As OpenPGP distinguished the trust from validity, 

500: ``web of trust'' is also distinguished from ``web of certificates''.

501: 

502: % ``introducer'' is not ``certification authority''

503: 

504: \subsection{PGP Revocation Problem}\label{revocation}

505: 

506: The weakest link of OpenPGP PKI is the revocation of public

507: key~\cite[pp.~585--586]{Schneier1995}~\cite[p.~309]{P2P2001:ch16}.

508: As there is no official channel for acquiring and distributing OpenPGP 

509: public keys, there are no guarantee about 

510: how to tell everyone that your key is no longer valid.

511: 

512: % OpenPGP $B$rB>$N(BPKI$B$HHf3S$7$?:]$K!$KvC<MxMQ<T$,DL?.Aj<j$N80$r$I$N$h$&$K(B

513: % $BF~<j$7?.Mj$9$k$N$+$H$$$&LdBj$r@h$K=R$Y$?!%$=$7$F$5$i$K?<9o$JLdBjE@$b(B

514: % $BB8:_$9$k!%$=$l$O!$8x3+80$N<:8z$N=hM}$G$"$k!%(B

515: % $B$?$H$($PO31L$d2~cb$K$h$C$F<+J,$,G[$C$?8x3+80$,;H$($J$/$J$C$?;~!$(B

516: % $B0J2<$NLdBjE@$,;XE&$5$l$F$$$k(B

517: % ~\cite[pp.~585--586]{Schneier1995}~\cite[p.~309]{P2P2001:ch16}

518: % \begin{itemize}

519: % \item $BHkL)80$r$J$/$7$F$7$^$C$?$i8x3+80$r<h$j>C$9$3$H$,$G$-$J$$(B

520: % \item $B8x3+80$r<h$j>C$7$F$b!$8x3+80$rG[I[$7$?A40w$K<h$j>C$7>pJs$,EA$o$kJ]>Z$,$J$$(B

521: % \end{itemize}

522: % $B$3$l$O$$$:$l$b(BPGP$B$N1?MQ$K$*$1$k8x3+80$N<h$j>C$7%7%9%F%`$,IT==J,$G$"$k(B

523: % $B$?$a$K5/$3$kLdBj$G$"$k!%(B

524: % 

525: % ``The weakest link of this[PGP] whole system is key revocation: It is

526: % impossible to guarantee that no one will use a compromised key. If

527: % Alice's private key is stolen she can send out something called a {\bf

528: % key revocation certificate}, but since key distribution is {\it ad hoc}

529: % and largely word of mouth there is no guarantee that it will reach

530: % everyone who has her public key on his key ring. And as Alice has to

531: % sign the key revocation certificate with her private key; if she loses

532: % the key altogether she cannot revoke it.'' ~

533: % ~\cite[pp.~585--586]{Schneier1995}

534: % 

535: % ``How do you tell everyone that your key is no longer valid? How do you

536: % tell everyone that your certificate on a key should be changed? For that

537: % matter, what exactly did Bob mean when he certified Charlie's key, and

538: % does Charlie mean the same thing when he certifies David's key?''

539: % ~\cite[p.~309]{P2P2001:ch16}

540: 

541: % $B8x3+80$NM-8z4|4VCf$KFbMFJQ99!&HkL)80$NEpFq!&J6<:!&GK2u$J$I$,@8$8$?$?$a$K(B

542: % $B8x3+80>ZL@=q$,<:8z$7$?>l9g!$MxMQ<T$KDLCN$9$kI,MW$,@8$8$k!%(B

543: % $B$3$N>l9g!$(BX.509$B$G$O(BCA$B$,$=$l$>$l$N(B

544: % $B1?1DJ}?K$K1~$8$F>ZL@=q<:8z%j%9%H(B (CRL)$B$r:n@.$7!$O"7H$9$k(BCA$B$X$HG[I[$9$k!%(B

545: % $B$=$l$KBP$7$F(B OpenPGP $B$G$O!$MxMQ<T<+?H$,GK4~>ZL@=q$r:n@.$7!$(B

546: % $B3FMxMQ<T$XG[I[$9$k!%$=$N:]$NLdBjE@$H$7$F!$(B

547: % $BMxMQ<T$X$NDLCN$,:$Fq$J$3$H!$$5$i$KMxMQ<T<+?H$,HkL)80$rJ6<:$7$?:]$K$O(B

548: % $BGK4~>ZL@=q$9$i:n@.$G$-$J$/$J$k!%(B

549: % $B$3$NLdBj$KBP$7$FK\O@J8$G$O80%5!<%P$r;H$&$3$H$,M-8z$@$H9M$($k!%(B

550: % $B$3$N8!F$$K$D$$$F$O80%5!<%P$N@a$G=R$Y$k!%(B

551: 

552: % PGP certificates are revoked when private keys are compromised (or users

553: % forget the passwords locking their private keys). In X.509, only the

554: % certificate's issuer can revoke a certificate. In PGP, "only the

555: % certificate's owner (the holder of its corresponding private key) or

556: % someone whom the certificate's owner has designated as a revoker can

557: % revoke a PGP certificate. (Designating a revoker is an useful practice,

558: % as it's often the loss of the passphrase for the certificate's

559: % corresponding private key that leads a PGP user to revoke his or her

560: % certificate - a task that is only possible if one has access to the

561: % private key.)"14 

562: % As PGP does not use commercial CAs, the PKI does not

563: % use CRLs for revocation.

564: % ~\cite[pp.~56--57]{Clarke2001}

565: 

566: The typical answer to this revocation problem of PGP is to use

567: PGP public keyserver for distributing certification.

568: ``Typically, to communicate that a certificate has been revoked, a signed

569: note, called a key revocation certificate, is posted on PGP certificate

570: servers, and widely distributed to people who have the key on their

571: public keyrings. People wishing to communicate with the affected user,

572: or use the affected key to authenticate other keys, are warned about the

573: hazards of using that public key''~\cite[pp.~56--57]{Clarke2001}.

574: However, there are few research on the PGP public keyserver and 

575: usually the keyserver is not considered as the part of OpenPGP PKI.

576: In the following, this paper examines PGP keyserver

577: as the part of OpenPGP PKI.

578: 

579: \section{Related Works}\label{sec:related_works}

580: There are several research fields related to OpenPGP public keyserver.

581: The first is the study on the traditional PGP public keyservers,

582: %(the most of keyserver is still based on PGP\textregistered\ 

583: %application and not fully supports OpenPGP standard)

584: the second is the integrated channel for OpenPGP key distribution,

585: and the third is the combined ``web of trust'' with other PKI.

586: 

587: %\subsection{Keyserver-related study}

588: A ``web of trust'' used in PGP is referred in several 

589: researches including the peer-to-peer authentication~\cite{P2P2001:ch16},

590: trust computation~\cite{Maurer96b,Caronni2000},

591: and privacy enhanced technology~\cite{garfinkel94}.

592: % and textbooks~\cite{Schneier1995,Anderson2001}.

593: However, there are few description on PGP keyserver.

594: It might be because PGP keyserver mechanism is too simple.

595: It is not a CA but just a pool of public keys.

596: % In the next section we propose the life cycle of a digital certificate

597: % with PGP keyserver testing the next generation OpenPGP keyserver.

598: From users' viewpoint, PGP keyserver has a 

599: large amount of OpenPGP public keys that provide

600: the interesting material for social analysis of network community. 

601: For example, OpenPGP keyserver developer Jonathan McDowell

602: also developed ``Experimental PGP key path finder''~\cite{McDowell2002}

603: that searches and displays the chain of certification between the users.

604: % This ``six degrees of separation'' effect~\cite[p.~309]{P2P2001:ch16}

605: 

606: %\subsection{Providing a root of a global community}\label{Register}

607: As OpenPGP's initial trust file is blank, the users have to start with a

608: face-to-face certificate to exchange public keys.

609: Though another initial file is provided via high integrity channel.

610: {\it Global Internet Trust Register}~\cite{Register}

611: is a printed book that contains ``fingerprints'' (hash values of certificate)

612: of the most important public keys (mainly cryptography experts who are

613: likely to have signed many other keys in their respectice

614: communities)~\cite[pp.~80--81]{Stajano2002}.

615: 

616: %\subsection{Combined OpenPGP PKI}

617:  OpenPGP PKI itself can be described as the superset of PKI~\cite{Zimmermann2001},

618: however, combining OpenPGP PKI with other authentication system is 

619: challenging work in both theoretical and operational field.

620: %

621: Formal study of trust relationship of PKI started in the late 1990s~\cite{Maurer96b,Caronni2000} and GnuPG development version in December 2002

622: started to support its trust calculation with

623: GnuPGP's trust signature.

624: 

625: The implementation of trust calculation is ongoing and 

626: using large-scale ``web of trust'' (not ``web of certificates'')

627: is not so popular outside of computer experts.

628: On the other hands, using different types of PKI has become more popular.

629: 

630: In the early work at MIT,

631: PGP-signing service had been combined with Kerberos CA

632: system that does not have public key cryptography~\cite{Schiller1995}.

633: % In this scheme, the authenticity of the certificate's name-to-key

634: % binding is as sound as the Kerberos account's creation was. If the

635: % user-accounts administrator checked IDs in face-to-face meetings, the

636: % Kerberized CA's certificates will be meaningful. If instead the users

637: % can register themselves remotely, then the certificates will be all but

638: % meaningless. (At MIT, staff members usually get their accounts

639: % face-to-face)

640: Today, the hybrid system of OpenPGP and X.509 is 

641: both developed into some OpenPGP implementations.

642: In 2001, German authorities 

643: BSI (Bundesamt f\"{u}r Sicherheit in der Informationstechnik,

644: Germany's agency for information technology security)

645: accept the \"{A}gypten project for Open Source implementation

646: of governmental mail user agents Sphinx 

647: which supports X.509v3, PKCS, LDAP, and OpenPGP ~\cite{Newsforge20011005}.

648: The results of the open development are begun to

649: imported to other commercial products in 2002--2003~\cite{Kmail}.

650: In a same way, PGP Corporation also released PGP\textregistered\ version

651:  8.0 as X.509-enabled application that can interoperate X.509

652:  certificates and CAs~\cite{PGP8X509}.

653: 

654: 

655: % $B$^$?%I%$%D7P:QO+F/>J(B (BMWA)$B$OFbL3>J$H6&F1$GEE;R>&<h0z$HEE;R@/I\$r?d?J$9$k(B

656: % GNU Privacy Project$B$r?d?J$7$F$*$j!$9qFb@=IJ$N3+H/$@$1$G$J$/(B

657: % $BF|K\H/$N%a!<%k%/%i%$%"%s%H(BSylpheed$B$N%I%$%D8lHG$NG[I[$b9T$J$C$F$$$k(B

658: % $B$[$+!$(B

659: % $B30It6H<T$K0QBw$7$F(B

660: % {\it GnuPP for beginners},

661: % {\it GnuPP for experts}

662: % $B$H$$$C$?(B

663: % $B%I%$%D8l$N<j0z=q$b@):n!&G[I[$r9T$J$C$F$$$k(B~\cite{GnuPP}$B!%(B

664: % $B$3$N<j0z=q$O%3%_%C%/Iw$NA^3($D$-$G8x3+800E9f$N;EAH$_$d(B

665: % $BEE;R>ZL@=q$N(Bfingerprint$B$N3NG'J}K!!$(B

666: % $B$=$7$F8x3+80%5!<%P$N@$3&E*$J%M%C%H%o!<%/$H$$$C$?(B

667: % $B6qBNE*$JFbMF$r07$C$F$$$k!%(B

668: % (GnuPP / WinPP Project)

669: 

670: % $B>ZL@=qG[I[$NLdBj$O(B OpenPGP $B$N$_$J$i$:(BX.509$B$K$*$$$F$O$5$i$K(B

671: % $BCm0U$,I,MW$G$"$k$3$H$r9M$($?>l9g(B~\cite{Takagi2002:CSS}$B!$(B

672: % $B<j0z=q$G(Bfingerprint$B$N3NG'$r$H$j$"$2$k$3$H$O9b$/I>2A$G$-$k!%(B

673: % **

674: 

675: \section{OpenPGP Public Keyserver}\label{sec:keyserver}

676: Before describing our research, this section describes 

677: OpenPGP keyserver generally.

678: Keyserver is not a CA. It only pool anyone's public keys.

679: Keyserver never issue any certificate for someone's public key

680: but only provide it.

681: 

682: \subsection{Current Status}

683: The first keyserver is developed at MIT in 1994

684: by Brian~ A.~LaMacchia. It exchange public keys with email 

685: and keys are managemented with PGP command.

686: For users, keyserver acts as an easy email agent

687: who receives any valid but untrusted keys,

688: then searches and provides the key to everyone.

689: %

690: % (Software Design, 2002$BG/(B8$B7n9f(B)

691: %

692: % $B$3$l$O(B\ref{sec:PKI}$B@a$G=R$Y$?(Bstart point $B$H$7$F$N(B trust-file$B$r(B

693: % $B8x3+$7$F;2>H$9$k$b$N$@$H8@$&$3$H$,$G$-$k(B~\cite[ch.~15]{garfinkel94}

694: % 

695: In 1997, PGP Public KeyServer (pksd, 

696: {\url{http://www.mit.edu/people/marc/pks/}}) started 

697: by MIT student Marc Horowitz. 

698: Pksd uses a database management system and has been working fine.

699: The database system is operated via email, CGI-interface from http server,

700: and HKP --- pksd's own communication protocol over

701: Hypertext Transfer Protocol (HTTP).

702: In 2003, David Shaw of GnuPG team proposed the OpenPGP HTTP Keyserver

703: Protocol~\cite{HKP200303} based on traditional HKP

704: as the draft for Internet Standard.

705: 

706: Today pksd has been working fine even if in global distributed

707: network. There are 10 or more syncronized public keyservers in the world

708: and the most of them are running with patched pksd.

709: These public keyservers are operated by voluntary managers belong to

710: organizations including 

711: \special{html:<a href ="http://pgp.mit.edu/">}

712: MIT

713: %{\url{http://pgp.mit.edu/}})

714: \special{html:</a>}

715: and 

716: \special{html:<a href ="http://www.cc.gatech.edu/~peter/pks-commands.html">}

717: Georgia Tech

718: %({\url{http://www.cc.gatech.edu/~peter/pks-commands.html}})

719: \special{html:</a>}

720: in United States,

721: \special{html:<a href ="http://pki.surfnet.nl/extract.html">}

722: SURFnet 

723: %({\url{http://pki.surfnet.nl/extract.html}}) 

724: \special{html:</a>}

725: in Netherlands,

726: \special{html:<a href ="http://www.dfn-pca.de/pgpkserv/">}

727: DFN-CERT

728: \special{html:</a>}

729: %({\url{http://www.dfn-pca.de/pgpkserv/}}) 

730: in Germany,

731: \special{html:<a href ="http://www.rediris.es/cert/servicios/keyserver/">}

732: RedIRIS (IRIS-CERT)

733: %({\url{http://www.rediris.es/cert/servicios/keyserver/}})

734: \special{html:</a>}

735: in Spain,

736: \special{html:<a href ="http://pgp.nic.ad.jp/">}

737: JPNIC

738: % ({\url{http://pgp.nic.ad.jp/}}) 

739: \special{html:</a>}

740: in Japan.

741: %  Horowitz's pksd-0.9.4 + patch level 2

742: %  $B>&MQ$@$H(B Veridis will continue the development and full support of 

743: % Highware OpenKeyServer product and the KeyServer.Net service.

744: %  $B$"$k$$$O(BCERT$B$,1?1D$7$F$$$k!%(B)

745: Today they have more than 1,400,000 public keys entries and

746: 3,000/day or more transactions between each sync sites.

747: In 2000,

748: SURFnet held the first PGP keyserver manager symposium~\cite{SURFnet2000}

749: and the managers keep in touch with each other. 

750: 

751: \subsection{Revocation process and Keyserver}

752: As public keyservers provides semi-official key distribution channel,

753: keyserver adds powerful feature to OpenPGP PKI.

754: % $BMxMQ<T8D?M$,G'>Z$K@UG$$r;}$D(B OpenPGP $B$N(BPKI$B$O!$80%5!<%P$N5!G=$rAH$_9g$o$;$k(B

755: % $B$3$H$K$h$C$F$5$i$KM-8z$J(BPKI$B$H$J$k$H8@$($k!%(B

756: % 

757: Public keyservers can handle the PGP revocation problem that we described in

758: section \ref{revocation}.

759: % ``The weakest link of this[PGP] whole system is key revocation: It is

760: % impossible to guarantee that no one will use a compromised key. If

761: % Alice's private key is stolen she can send out something called a {\bf

762: % key revocation certificate}, but since key distribution is {\it ad hoc}

763: % and largely word of mouth there is no guarantee that it will reach

764: % everyone who has her public key on his key ring. And as Alice has to

765: % sign the key revocation certificate with her private key; if she loses

766: % the key altogether she cannot revoke it.''

767: % ~\cite[pp.~585--586]{Schneier1995}

768: % $BHkL)80$r$J$/$7$F$7$^$C$?$i8x3+80$r<h$j>C$9$3$H$,$G$-$J$$(B

769: % $B8x3+80$r<h$j>C$7$F$b!$8x3+80$rG[I[$7$?A40w$K<h$j>C$7>pJs$,EA$o$kJ]>Z$,$J$$(B

770: % 

771: % $BA0<T$N<eE@$K4X$7$F$O!$<+J,$N8x3+80$HHkL)80$r:n@.$9$k:]$K(B

772: % $B8x3+80$N<h$j>C$7$K;H$&GK4~>ZL@=q$r:n@.$7$F(B

773: % $BHkL)80$H$OJL$N>l=j$KJ]B8$9$k$H$$$C$?<j=g$rF'$^$($?1?MQ(B

774: % $B$K$h$C$F$"$kDxEY2sHr$9$k;v$,2DG=$G$"$k!%(B

775: % 

776: % ``How do you tell everyone that your key is no longer valid? How do you

777: % tell everyone that your certificate on a key should be changed? For that

778: % matter, what exactly did Bob mean when he certified Charlie's key, and

779: % does Charlie mean the same thing when he certifies David's key?''

780: % ~\cite[p.~309]{P2P2001:ch16}

781: % 

782:  Using keyserver provides an answer to the question 

783: ``How do you tell everyone that your key is no longer valid?''.

784: User may issue a suicide note (denoted as ``revocation signature'' in OpenPGP )

785: and post it to keyservers.

786: Receiving a valid revocation signature, keyserver updates the key to be

787: revoked. The update key with revocation signature is redistributed to

788: the synchronized keyservers in the world, 

789: and finally PGP user updates their keyrings with the nearest keyserver.

790: The updated key with valid revoked signature makes users's older key not

791: to be used.

792: 

793: % $B8e<T$NLdBj$K$D$$$F$O!$8x3+80%5!<%P$N3hMQ$,M-8z$G$"$k!%<+J,$N8x3+80$rF~<j(B

794: % $B$7$??M$9$Y$F$K8x3+80$N99?7>pJs$rEA$($k$N$OIT2DG=$K6a$$!%$@$,!$8x3+80%5!<(B

795: % $B%P$r2p$;$P99?7<j=g$rBgI}$K>JNO2=$9$k$3$H$,$G$-$k!%8x3+80%5!<%P$K8x3+80$N(B

796: % $B99?7>pJs(B ($B$^$?$OGK4~>ZL@(B)$B$rAw$l$P!$%5!<%P>e$KEPO?$5$l$F$$$k8x3+80$K99?7(B

797: % $B>pJs$,2C$($i$l!$85$N8x3+80$r;}$C$F$$$k?M$b8x3+80%5!<%P$KLd$$9g$o$;$l$P$$(B

798: % $B$D$G$b<+J,$N;}$C$F$$$k8x3+80$,99?7$5$l$F$$$J$$$+$I$&$+$r3NG'$9$k$3$H$,$G(B

799: % $B$-$k!%(B

800: 

801: %\subsection{``Don't believe keyserver too much''}

802: %$BB>?M$N(BPGP$B8x3+80$r4JC1$KF~<j$G$-$k$3$H$,(B

803: %$B8x3+80%5!<%P$NMxE@$@$H$h$/8@$o$l$F$$$k!%(B

804: %$B$7$+$7(BPGP$B$N8x3+80$O<+M3$JL>A0$G:n@.$9$k$3$H$,$G$-$k$N$G!$(B

805: %$B8x3+80%5!<%P$KEPO?$5$l$F$$$k8x3+80$,K\Ev$K%f!<%6$,:n$C$?(B

806: %$B$b$N$+$I$&$+$O$o$+$i$J$$!%(B

807: %$B$D$^$j!$8x3+80%5!<%P$GF~<j$7$?8x3+80$r;H$&$K$O(B

808: %$B$^$:8x3+80$,56B$$5$l$F$$$J$$K\J*$G$"$k$3$H$r3NG'$9$kI,MW$,$"$k!%(B

809: %$B$3$NJ}K!$H$7$F$O!$(BPGP$B%/%i%$%"%s%H$,Aj<j$N8x3+80$+$i<h$j=P$9(B

810: %$B%O%C%7%eCM!V%U%#%s%,!<%W%j%s%H!W$r3NG'$9$k$N$,0lHLE*$G$"$k!%(B

811: 

812: \subsection{Current Keyserver Problem}

813: Today's sisutation around PGP keyserver

814: is beyond the original developers' idea, and 

815: current pksd also has some limitations.

816: %neither an expandable format by IETF standard

817: %nor the distributed network of public keyservers.

818: 

819: Firstly, the implementations of pksd are not OpenPGP-compliant.

820:  OpenPGP ~\cite{RFC2440} published in 1998

821: defines two versions of signature formats.

822: (Version 3 provides basic OpenPGP signature information, while version 4 provides

823: an expandable format with subpackets.)

824: These changes made traditional PGP applications 

825: not-OpenPGP-compliant --- not only

826: PGP\textregistered~\cite[s.v. ``Implementation Nits'']{RFC2440} 

827: but also pksd.

828: Today pksd does not fully support OpenPGP format.

829: 

830: Seconary, the pksd does not scalability for global use.

831: Though pksd has simple but strong dabatabase management system,

832: it is neither soshisticated nor scalable compared with 

833: today's Internet server.

834: For the matter, pksd cannot handle 1 billion keys and cannot

835: accept such many transactions as Yahoo! or eBay site.

836: %  Like as ihave/sendme, mirror DB or something good

837: New design of OpenPGP public keyserver is required.

838: 

839: \section{OpenPKSD: Next Generation OpenPGP Public

840:  Keyserver}\label{OpenPKSD}

841: We introduce our next generation OpenPGP Public Keyserver project

842: with a new architecture. We call it OpenPKSD

843: ( OpenPGP Public KeyServer Daemon).

844: It is developed by one of the

845: authors and funded by Japanese Information-technology Promotion Agency

846:  (IPA) in 2001--2002.

847: 

848: \subsection{Server Design and Implementation}

849: OpenPKSD supports OpenPGP subpacket format

850: and works as high-performance server with SQL backend.

851: The design of OpenPKSD oriented to not only high-performance, 

852: but also flexible extension capability and easy operation.

853: We implemented OpenPKSD with Ruby and 

854: PostgreSQL backend~\cite{RubyConf2002}.

855: 

856: \subsection{User Interface and Security}

857: As ``Web of trust'' depends on users' decision,

858: user interface is also important factor on security.

859: For example, Whitten and Tygar~\cite{Whitten1999} had 

860: ever pointed out some dangerous errors occured with past PGP clients'

861: interface.

862: 

863: Users can connect to OpenPKSD with two kind of 

864: interfaces, OpenPGP client or CGI on WWW.

865: Providing WWW interface, OpenPKSD

866: must help users' recognization, judgement, and 

867: handling on OpenPGP public keys.

868: 

869: %\paragraph{No fingerprint display}

870: 

871: %$B$=$N$?$a$K$O8x3+80%5!<%P$NI=<($r?.Mj$9$k$@$1$G$OIT==J,$G!$(B

872: %$B<+J,$N%m!<%+%k%^%7%s>e$N(BPGP$B%/%i%$%"%s%H$G(B

873: %$B$=$N8x3+80$,?.MQ$G$-$k$+$r3NG'$9$Y$-$G$"$k!%(B

874: %$B$3$NJ}K!$H$7$F$O!$(BPGP$B%/%i%$%"%s%H$,Aj<j$N8x3+80$+$i<h$j=P$9(B

875: %$B!V%U%#%s%,!<%W%j%s%H!W$r3NG'$9$k$N$,0lHLE*$G$"$k!%(B

876: 

877: OpenPKSD displays only 64bit KeyID to identify someone's public keys.

878: Though some other servers calculate and display ``fingerprint'' of

879: public keys before download it, it does not help users arare of risk

880: using keyserver.

881: As keyserver is just a pool and not CA, 

882: users should check the public key with their own.

883: Moreover, it is easy to make some faked keyserver by

884: Man-in-the-Middle Attack, TCP hijacking, etc.

885: It means that 

886: the fingerprint must be calculated under user's (safe) machine

887: and that is the reason why OpenPKSD does not display fingerprint.

888: 

889: %\paragraph{Interface with pgpdump: visualizing subpackets}

890: OpenPKSD WWW interface provides additional feature 

891: to visualize subpackets of PGP keys.

892: As OpenPKSD has an expandable format with subpackets,

893: it is very hard to understand the data structure inside this. 

894: Using pgpdump program,

895: key packet visualizer that displays the packet format of

896:  OpenPGP and PGP\textregistered\ version 2.

897: 

898: Many PGP users are familiar with this verification

899: on added keys, as in 2000, PGP\textregistered\ version 5.5.x to 6.5.3 had

900: a serious security hole that cannot detected with fingerprint

901: verification.

902: Then CERT/CC had alarted 

903: ``Check certificates for ADKs [Additional Decryption Keys]

904:  before adding them to a keyring.''~\cite{CERT:CA-2000-18}

905: Pgpdump exactly visualizes these additional keys.

906: With pgpdump, OpenPKSD helps users to recognize the information of 

907: public key and any other added keys before downloading.

908: 

909: \subsection{Performance and Future work}

910: OpenPKSD is implemented with Ruby language and PostgreSQL DBMS.

911: Ruby is so-called ``scripting language'' and seemed not suitable 

912: for a quick response or large program development.

913: However, 

914: OpenPKSD succeeds not only the more compact code size but also

915: quick response compared with pksd,

916: by loading bit calculation modules such as CRC24 checksum

917: written by C language~\cite{Hironobu2003}.

918: Table \ref{table:OpenPKSD} shows the performance of 

919: OpenPKSD version 0.2.8, non-cluster version, installed on PC.

920: %%table 

921: \begin{table}[htbp]

922: \begin{center}

923: \begin{tabular}{|c|c|}

924:  \hline

925:  CPU: & Intel Pentium4 1.6GHz \\

926:  \hline

927:  HDD: & IDE ATA100 7200rpm 60GB\\

928:  \hline

929:  Memory: & PC2100 768MB \\

930:  \hline

931:  One key query: & 120ms average,\\

932:  & 72ms best,\\

933:  & 230ms worst.\\

934:  \hline

935: \end{tabular}

936:  \caption{OpenPKSD Performance}\label{table:OpenPKSD}

937: \end{center} 

938: \end{table}

939: % [pgp-folks]

940: % OpenPKSD (v0.2.8) Performance:

941: % 

942: %  CPU: Intel P 4 1.6Ghz

943: %  HDD: IDE ATA100 7200rpm

944: %  MEM: PC2100 768MB

945: % 

946: %  One key query: 120ms Ave., 72ms best, 230ms worst.

947: % If a public key has 10 signatures, I estimate total time of queries

948: % become around 700ms - 2000ms. I'm afraid that it makes not only

949: % machine heavy load situation but also become target of DoS attack.

950: %

951: OpenPKSD version 0.2.8 is also working 

952: well at handling usual transaction between other PGP public keyserver

953: described in section \ref{sec:keyserver} since 2002.

954: 

955: Forthcoming developers' version of OpenPKSD will support some clustering

956: based on the reserch on the performance of 

957: cluster technology~\cite{Wang2002:ICPADS}.

958: It will be published in 2003 and 

959: support the experimental HKP(keyserver protocol over http) balancer,

960: keyserver cluster, and clustered database.

961: 

962: \section{Summary}

963: In this paper, we overlooked some PKI architectures.

964: %$BK\>O$G$O!$(BPKI$B$N;kE@$+$i(BX.509$B$*$h$S(B OpenPGP $B$r(B

965: %$B$H$j$"$2!$N><T$,0[$J$k%b%G%k$N<B8=$rL\;X$7$F$$$k$3$H!$$*$h$S(B

966: %$BN><T$NFCD9$r<($7$?!%$^$?!$$=$l0J30$N(BPKI$B$NDs0F$H$7$F(B

967: %SPKI/SDSI$B$K$D$$$F$b>R2p$7$?!%(B

968: %PKI$B$K$OM#0l$N%b%G%k$OB8:_$7$J$$!%$7$?$,$C$F(B

969: %PKI$B$r9=C[$9$k$K$"$?$C$F$I$N%b%G%k$r:NMQ$9$k$N$+$H$$$&;kE@$,I,MW$H$J$k!%(B

970: %$B$9$J$o$A!$N><T$OAj8_GS=|$N4X78$K$"$k$N$G$O$J$/!$J;B82DG=$G$"$k!%(B

971: %$B:#8e$O!$I,MW$H$5$l$k>u67$K1~$8$F(B

972: %$BAPJ}$NMxE@$r@8$+$7$?%$%s%?!<%M%C%H(BPKI$B$N9=C[$rL\;X$9$Y$-$G$"$k!%(B

973: %

974: Using ``Web of Trust,'' OpenPGP PKI can help users to

975: manage certification without CAs.

976: However, there are the problem on public key management, i.e., 

977: how to get the receivers' public key, or, 

978: how to tell everyone that the public key is no longer valid.

979: PGP keyserver is the solution to the problem.

980: %PKI$B$H$7$F$N(B OpenPGP $B$O!$G'>Z6I5Z$SEPO?5!4X$r2p$9$k$3$H$J$/(Bpeer-to-peer$B$NG'>Z$r(B

981: %$B9T$J$($k$H$$$&FCD9$,$"$k!%$7$+$7$J$,$i!$(B

982: %$B!VDL?.$7$?$$Aj<j$N8x3+80$r$I$&$d$C$F<j$K$$$l$k$+!W(B

983: %$B$=$7$F!V8x3+80$NGK4~>ZL@$r$I$&$d$C$FDLCN$9$k$+!W$H$$$&E@$,IT==J,$G$"$k!%(B

984: %$B$3$NLdBjE@$X$N<h$jAH$_$H$7$F!$80%5!<%P$NLr3d$r$"$2$?!%(B

985: 

986: Though some PGP public keyservers have built a global PKI,

987: traditional PGP keservers have some limitations.

988: We introduced OpenPKSD, 

989: newly-designed and OpenPGP-supported 

990: public keyserver project.

991: OpenPKSD took its first step, works well in practice, and 

992: examining the cluster technology.

993: 

994: \section*{Availability}

995: OpenPKSD source code and documents

996: are available under GNU General Public License (GPL) at 

997: {\url{http://www.openpksd.org/}}.

998: 

999: %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Bibliography

1000: %\bibliographystyle{latex8}

1001: %\bibliography{research,yamane}

1002: 

1003: \begin{thebibliography}{10}\setlength{\itemsep}{-1ex}\small

1004: 

1005: \bibitem{Adams1991}

1006: C.~Adams and S.~Lloyd.

1007: \newblock {\em Understanding Public-Key Infrastructure: Concepts, Standards,

1008:   and Deployment Considerations}.

1009: \newblock Macmillan Technical Publishing, 1999.

1010: 

1011: \bibitem{Register}

1012: R.~J. Anderson, B.~Crispo, J.-H. Lee, C.~Manifavas, and V.~{Maty\'{a}\v{s}

1013:   Jr.}, editors.

1014: \newblock {\em Global Internet Trust Register}.

1015: \newblock MIT Press, 1999 edition, Mar. 1999.

1016: 

1017: \bibitem{RFC2440}

1018: J.~Callas, L.~Donnerhacke, H.~Finney, and R.~Thayer.

1019: \newblock {OpenPGP Message Format}.

1020: \newblock {{\it {R}equest {F}or {C}omments}}, Nov. 1998.

1021: \newblock RFC 2440 (Category: Standards Track) replaces RFC 1991, ``PGP Message

1022:   Exchange Formats''.

1023: 

1024: \bibitem{RFC2440bis08}

1025: J.~Callas, L.~Donnerhacke, H.~Finney, and R.~Thayer.

1026: \newblock {OpenPGP Message Format}.

1027: \newblock {{\it {Internet Draft}}}, May 2003.

1028: \newblock Revision of RFC 2440\cite{RFC2440}.

1029:   {\url{http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-08.txt}} (visited June 1, 2003).

1030: 

1031: \bibitem{Caronni2000}

1032: G.~Caronni.

1033: \newblock Walking the web of trust.

1034: \newblock In {\em Proceedings of IEEE 9th International Workshops on Enabling

1035:   Technologies: Infrastructure for Collaborative Enterprises (WET ICE'00)},

1036:   pages 153--158. IEEE Computer Press, 2000.

1037: 

1038: \bibitem{CERT:CA-2000-18}

1039: {CERT/CC}.

1040: \newblock {PGP May Encrypt Data With Unauthorized ADKs}.

1041: \newblock CERT Advisory CA-2000-18, 2000.

1042: \newblock {\url{http://www.cert.org/advisories/CA-2000-18.html}} (visited May

1043:   31, 2003).

1044: 

1045: \bibitem{Clarke2001}

1046: D.~E. Clarke.

1047: \newblock {SPKI/SDSI HTTP Server} / {Certificate Chain Discovery in SPKI/SDSI}.

1048: \newblock Master's thesis, MIT, Sept. 2001.

1049: \newblock {\url{http://theory.lcs.mit.edu/~cis/theses/clarke-masters.pdf}}

1050:   (visited May 27, 2003).

1051: 

1052: \bibitem{springgraph}

1053: Darxus@ChaosReigns.com.

1054: \newblock springgraph.

1055: \newblock Online document, May 2002.

1056: \newblock {\url{http://www.chaosreigns.com/code/springgraph/}} (visited May 27,

1057:   2003).

1058: 

1059: \bibitem{P2P2001:ch16}

1060: R.~Dingledine, M.~J. Freedman, and D.~Molnar.

1061: \newblock Accountability.

1062: \newblock In A.~Oram, editor, {\em Peer-to-Peer: Harnessing the Power of

1063:   Disruptive Technologies}, chapter~16. O'Reilly \& Associates, Mar. 2001.

1064: 

1065: \bibitem{RFC2693}

1066: C.~M. Ellison, B.~Frantz, B.~Lampson, R.~Rivest, B.~Thomas, and T.~Yl\"{o}nen.

1067: \newblock {SPKI Certificate Theory}.

1068: \newblock {{\it {R}equest {F}or {C}omments}}, Sept. 1999.

1069: \newblock RFC 2693 (Status: Experimental).

1070: 

1071: \bibitem{First2001}

1072: FIRST.ORG.

1073: \newblock {{FIRST} Contact Information}.

1074: \newblock Online document, 2001.

1075: \newblock {\url{http://www.first.org/docs/contact.html}} (visited May 31,

1076:   2003).

1077: 

1078: \bibitem{garfinkel94}

1079: S.~Garfinkel.

1080: \newblock {\em {PGP}: Pretty Good Privacy}.

1081: \newblock O'Reilly \& Associates, Dec. 1994.

1082: 

1083: \bibitem{Adam1997}

1084: R.~Khare and A.~Rifkin.

1085: \newblock Weaving a web of trust.

1086: \newblock {\em {World Wide Web Journal}}, 2(3), Summer 1997.

1087: \newblock Online article available at

1088:   {\url{http://www.w3journal.com/7/s3.rifkin.wrap.html}} (visited May 29,

1089:   2003).

1090: 

1091: \bibitem{pgpcontrol}

1092: D.~C. Lawrence.

1093: \newblock {Authentication of Usenet Group Changes}.

1094: \newblock Online document, 1999.

1095: \newblock {\url{ftp://ftp.isc.org/pub/pgpcontrol/README.html}} (visited May 27,

1096:   2003).

1097: 

1098: \bibitem{Levy2001}

1099: S.~Levy.

1100: \newblock {\em Crypto: How the Code Rebels Beat the Government, Saving Privacy

1101:   in the Digital Age}.

1102: \newblock Viking Penguin, Jan. 2001.

1103: 

1104: \bibitem{Ninghui2000}

1105: N.~Li.

1106: \newblock Local names in {SPKI/SDSI}.

1107: \newblock In {\em Proceedings of 13th IEEE Computer Security Foundations

1108:   Workshop (CSFW-13)}, pages 2--15. IEEE Computer Society, 2000.

1109: 

1110: \bibitem{Maurer96b}

1111: U.~Maurer.

1112: \newblock Modeling a public-key infrastructure.

1113: \newblock In E.~Bertino, editor, {\em Proceedings of 1996 European Symposium on

1114:   Research in Computer Security ({ESORICS}' 96)}, Lecture Notes in Computer

1115:   Science 1146, pages 325--350. Springer-Verlag, 1996.

1116: 

1117: \bibitem{McDowell2002}

1118: J.~McDowell.

1119: \newblock Experimental {PGP} key path finder.

1120: \newblock Online document, 2002.

1121: \newblock {\url{http://the.earth.li/~noodles/pathfind.html}} (visited May 31,

1122:   2003).

1123: 

1124: \bibitem{Newsforge20011005}

1125: {KMail} and mutt as {Sphinx}-clients for {German} authorities.

1126: \newblock {\em NewsForge}, 5 October 2001.

1127: \newblock Online article available at

1128:   {\url{http://www.newsforge.com/article.pl?sid=01/10/05/162238}} (visited May

1129:   27, 2003).

1130: 

1131: \bibitem{PGP8X509}

1132: {PGP Corporation}.

1133: \newblock Using an {X.509 PKI} with {PGP}\textregistered\ 8.0: Protecting

1134:   existing investments.

1135: \newblock {PGP Coporation} {White Paper}, May 2003.

1136: \newblock {\url{http://www.pgp.com/products/whitepapers/PGP8X509.pdf}} (visited

1137:   July 1, 2003).

1138: 

1139: \bibitem{Schiller1995}

1140: J.~I. Schiller and D.~Atkins.

1141: \newblock Scaling the web of trust: Combining {Kerberos} and {PGP} to provide

1142:   large scale authentication.

1143: \newblock In {\em Proceedings of {USENIX} 1995 Technical Conference on UNIX and

1144:   Advanced Computing Systems}, pages 83--94. {USENIX} Association, 1995.

1145: 

1146: \bibitem{Schneier1995}

1147: B.~Schneier.

1148: \newblock {\em Applied Cryptography: Protocols, Algorithms, and Source Code in

1149:   C}.

1150: \newblock John Wiley \& Sons, 2nd edition, 1995.

1151: 

1152: \bibitem{Kmail}

1153: S.~Shankland.

1154: \newblock {KDE Linux} adds {German} flavor.

1155: \newblock {\em ZDNet News}, 31 January 2003.

1156: \newblock Online article available at

1157:   {\url{http://zdnet.com.com/2100-1104-982816.html}} (visited May 27, 2003).

1158: 

1159: \bibitem{HKP200303}

1160: D.~Shaw.

1161: \newblock {OpenPGP HTTP Keyserver Protocol (HKP)}.

1162: \newblock {{\it {Internet Draft}}}, Mar. 2003.

1163: \newblock

1164:   {\url{http://www.ietf.org/internet-drafts/draft-shaw-openpgp-hkp-00.txt}}

1165:   (visited May 28, 2003).

1166: 

1167: \bibitem{FYI36}

1168: R.~W. Shirey.

1169: \newblock {Internet Security Glossary}.

1170: \newblock {{\it {R}equest {F}or {C}omments}}, May 2000.

1171: \newblock RFC 2828 (Also FYI 36) (Status: Informational).

1172: 

1173: \bibitem{Stajano2002}

1174: F.~Stajano.

1175: \newblock {\em Security for Ubiquitous Computing}.

1176: \newblock John Wiley \& Sons, Feb. 2002.

1177: 

1178: \bibitem{SURFnet2000}

1179: {SURFnet}.

1180: \newblock {The First PGP Keyserver Manager Symposium}.

1181: \newblock Online document, 2000.

1182: \newblock {\url{http://www.surfnet.nl/bijeenkomsten/pgp/}} (visited May 27,

1183:   2003).

1184: 

1185: \bibitem{RubyConf2002}

1186: H.~Suzuki.

1187: \newblock {OpenPKSD: OpenPGP Public Keyserver}.

1188: \newblock Presentation slide, 2002.

1189: \newblock {\url{http://openpksd.org/docs/RubyConf2002.pdf}} (visited May 28,

1190:   2003). Presented at 2nd Annual International Ruby Conference, held in

1191:   Nov.~1--3, 2002, Seattle, WA.

1192: 

1193: \bibitem{Hironobu2003}

1194: H.~Suzuki.

1195: \newblock {OpenPKSD: Next Generation OpenPGP Public Keyserver} implementation

1196:   with {Ruby} (in {Japanese}).

1197: \newblock In {\em Proceedings of Software Symposium 2003}, pages 162, 220--223,

1198:   Japan, July 2003. Software Engineers Association.

1199: 

1200: \bibitem{Wang2002:ICPADS}

1201: J.~Wang, Y.~Tsutaya, N.~Segawa, S.~Yamane, Y.~Murayama, M.~Miyazaki, and

1202:   H.~Suzuki.

1203: \newblock Approaches to balancing data load of shared-nothing clusters and

1204:   their performance comparison.

1205: \newblock In {\em Proceedings of 9th International Conference on Parallel and

1206:   Distributed Systems (ICPADS 2002)}, pages 293--301. IEEE Press, Dec. 2002.

1207: 

1208: \bibitem{Whitten1999}

1209: A.~Whitten and D.~Tygar.

1210: \newblock Why {Johnny} can't encrypt: A usability evaluation of {PGP 5.0}.

1211: \newblock In {\em Proceedings of the 9th USENIX Security Symposium}, Aug. 1999.

1212: \newblock Also available at

1213:   {\url{http://www.usenix.org/publications/library/proceedings/sec99/full_papers/whitten/whitten.ps}}, more detailed presentation is available at

1214:   {\url{http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html}}

1215:   (visited May 31, 2003).

1216: 

1217: \bibitem{Zimmermann2001}

1218: P.~Zimmermann.

1219: \newblock {Why OpenPGP's PKI is better than an X.509 PKI}.

1220: \newblock Online document, 27 Feb 2001.

1221: \newblock {\url{http://www.openpgp.org/technical/whybetter.shtml}} (visited May

1222:   27, 2003).

1223: 

1224: \end{thebibliography}

1225: 

1226: 

1227: \onecolumn

1228: \begin{table}[htbp]

1229:  \begin{center}

1230: {\small 

1231:  \begin{tabular}{|l|r|l|}

1232:   \hline

1233: {\bf X.509}  & CA Characteristics: & Global Hierarchy. There are commercial X.509 CAs. \\ 

1234:   & & X.509 communities are built from the top-down. \\ 

1235: %  & CA $B$NFCD'(B: & $B%0%m!<%P%k$J3,AX!%%3%^!<%7%c%k$N(BX.509 CA$B$bB8:_$9$k(B\\ 

1236: %  & & X.509$B$N%3%_%e%K%F%#$O%H%C%W%@%&%s$K$h$C$F9=C[$5$l$k!%(B\\ 

1237:   & Trust Model: 

1238:   & Hierarchical Trust Model. Trust originates from a `trusted' \\ 

1239:   & & CA, over which the guardian may or may not have control. \\ 

1240:   & & A requestor provides a chain of authentication from the \\ 

1241:   & & `trusted' CA to the requestor's key. \\ 

1242: %  & $B?.MQ%b%G%k(B: 

1243: %  & $B3,AX7?$N?.MQ%b%G%k!%?.MQ$O!V?.MQ$G$-$k!W(BCA$B$,$D$/$k!%(B\\ 

1244:   & Signatures: & Each certificate has one signature, belonging to the issuer \\ 

1245:   & & of the certificate. \\ 

1246: %  & $BEE;R=pL>(B: & $B$=$l$>$l$N>ZL@=q$O>ZL@=qH/9T<T$K$h$C$FEE;R=pL>$5$l$F$$$k!%(B\\ 

1247:   & Certificate Revocation: & Uses CRL(Certificate Revocation List)s \\ 

1248: %  & $B>ZL@=q$N<:8z(B: & CA$B$,(BCRL (Certificate Revocation List)$B$rG[I[$9$k!%(B \\ 

1249:   & Name Space: & Global \\ 

1250: %   & $B%M!<%`%9%Z!<%9(B: & $B%0%m!<%P%k(B \\ 

1251:   & Types of Certificates: & Name Certificates \\ 

1252: %  & $B>ZL@%?%$%W(B & $BK\?M@-$N>ZL@(B \\ 

1253:   & Name-to-Key binding:

1254:   & Single-valued function: each global name is bound to ex- \\ 

1255:   & & actly one key (assuming each user has a single public- \\ 

1256:   & & private key pair). \\ 

1257: %  & $B<1JLL>$H80$H$N7k9g(B:              

1258: %  & $BC10lCM4X?t(B: $B%0%m!<%P%k$J<1JLL>$O$=$l$>$lM#0l$N(B \\ 

1259: %  & & $B80%Z%"$H0lBP0lBP1~$7$F$$$k!%(B\\ 

1260: %  & & ($B%f!<%6$O$?$@$R$H$D$N8x3+80HkL)80%Z%"$r;}$C$F$$$k$H2>Dj$9$k(B) \\ 

1261:   \hline

1262:  {\bf OpenPGP} & CA Characteristics: & Egalitarian design. Each key can issue certificates. \\ 

1263:  \quad {\bf } & & PGP communities are built from the bottom-up in a\\ 

1264:   & & distributed manner. \\ 

1265: %  & CA $B$NFCD'(B: & $BJ?Ey<g5AE*$J%G%6%$%s!%$=$l$>$l$N80$G>ZL@=q$rH/9T$G$-$k!%(B\\ 

1266: %  & & PGP$B$N%3%_%e%K%F%#$OJ,;69=B$$N%\%H%`%"%C%W$K$h$C$F9=C[$5$l(B\\ 

1267: %  & & $B$k!%(B\\ 

1268:   & Trust Model: & {\it Web of Trust}, file-based PKI.\\ 

1269: %  & $B?.MQ%b%G%k(B: & {\it Web of Trust} ($B?.MQ$NNX(B) \\ 

1270:   & Signatures: & Each certificate can have multiple signatures; the first \\ 

1271:   & & signature belongs to the issuer of the certificate. \\ 

1272: %  & $BEE;R=pL>(B: & $B$=$l$>$l$N>ZL@=q$OJ#?t$N=pL>$r4^$`$3$H$,$G$-$k!%:G=i$N(B

1273: %  $B=pL>$O(B\\ 

1274: %  & & $B>ZL@=qH/9T<T$K$h$k=pL>$G$"$k!%(B\\ 

1275:   & Certificate Revocation:  & A `key revocation certificate,' suicide note is posted on \\ 

1276:   & & {\it PGP keyservers}, and widely distributed to people who\\ 

1277:   & & have the compromised key on their public keyrings. \\ 

1278: %  & $B>ZL@=q$N<:8z(B & $BMxMQ<T$,GK4~>ZL@=q$r(BPGP$B8x3+80%5!<%P$KEPO?$9$k$3$H$G!$(B\\ 

1279: %  & & $BL58z$K$J$C$?8x3+80$r<j85$K;}$C$F$$$kAj<j$KG[I[$9$k!%(B\\ 

1280:   & Name Space: & Global \\ 

1281: %  & $B%M!<%`%9%Z!<%9(B: & $B%0%m!<%P%k(B \\ 

1282:   & Types of Certificates: & Name Certificates \\ 

1283: %  & $BG'>Z%?%$%W(B: & $BK\?M@-$NG'>Z(B \\ 

1284:   & Name-to-Key binding: 

1285:   & Single-valued function: each global name is bound to ex- \\ 

1286:   & & actly one key (assuming each user has a single public-\\ 

1287:   & & private key pair). \\ 

1288: %  & $B<1JLL>$H80$H$N7k9g(B:              

1289: %  & $BC10lCM4X?t(B: $B%0%m!<%P%k$J<1JLL>$O$=$l$>$lM#0l$N(B\\ 

1290: %  & & $B80%Z%"$H0lBP0lBP1~$7$F$$$k!%(B\\ 

1291: %  & & ($B%f!<%6$O$?$@$R$H$D$N8x3+80HkL)80%Z%"$r;}$C$F$$$k$H2>Dj$9$k(B) \\ 

1292:   \hline

1293:  {\bf SPKI/~SDSI} & CA Characteristics:  & Egalitarian design. The principals are the public keys. \\ 

1294:  {\bf } & & Each key can issue certificates. SPKI/SDSI communities \\ 

1295:   & & are built from the bottom-up in a distributed manner. \\ 

1296: %  & CA$B$NFCD'(B: & $BJ?Ey<g5AE*$J%G%6%$%s!%$=$l$>$l$N80$O>ZL@=q$rH/9T$G$-$k!%(B\\ 

1297: %  & & $B8x3+80$,<1JL@-$r;}$D!%(B\\ 

1298: %  & & SPKI/SDSI$B$N%3%_%e%K%F%#$OJ,;69=B$$N%\%H%`%"%C%W$K$h$C$F9=(B\\ 

1299: %  & & $BC[$5$l$k!%(B\\ 

1300:   & Trust Model:  & Trust originates from the guardian. A requestor provides \\ 

1301:   & & a chain of authorization from the guardian to the \\ 

1302:   & & requestor's key. The infrastructure has a clean, scalable \\ 

1303:   & & model for defining groups and delegating authority. \\ 

1304: %  & $B?.MQ%b%G%k(B: & {\it chain of authorization}$B$NDs6!(B \\ 

1305: %  & & $B%0%k!<%W$rDj5A$7G'>Z$r0QG$$9$k$?$a$K%$%s%U%i%9%H%i%/%A%c$O(B\\ 

1306: %  & &$BL@2w$G%9%1!<%i%V%k$J%b%G%k$r;}$D!%(B\\ 

1307:   & Signatures: & Each certificate has one signature, belonging to the

1308:   issuer\\ 

1309:   & & of the certificate.\\ 

1310: %  & $BEE;R=pL>(B: & $B$=$l$>$l$N>ZL@=q$O>ZL@=q$NH/9T<T$K$h$k=pL>$r0l$D4^$s$G$$(B

1311: %  $B$k!%(B\\ 

1312:   & Certificate Revocation: & Advocates using short validity periods

1313:   and {\it Certificates of}\\ 

1314:   & & {\it Health}.\\ 

1315: %  & $B>ZL@=q$N<:8z(B: & $BC;$$M-8z4|8B$H@8B8>ZL@=q$rMQ$$$k(B\\ 

1316:   & Name Space: & Local \\ 

1317: %  & $B%M!<%`%9%Z!<%9(B: & $B%m!<%+%k(B \\ 

1318:   & Types of Certificates: & Name Certificates,

1319:   Authorization Certificates \\ 

1320: %  & $B>ZL@%?%$%W(B: & $BK\?M@-$N>ZL@$^$?$OG'>Z$N>ZL@(B \\ 

1321:   & Name-to-Key binding:  & Multi-valued function: each local name is bound to zero, \\ 

1322:   & & one or more keys (assuming each user has a single public \\ 

1323:   & & -private key pair). \\ 

1324: %  & $B<1JLL>$H80$H$N7k9g(B:           

1325: %  & $BB?CM4X?t(B: $B%m!<%+%k$JL>A0$O%<%m!$(B1$B!$$=$l0J>e$N80$H7k9g$5$l$k!%(B\\ 

1326: %  & & ($B%f!<%6$O$?$@$R$H$D$N8x3+80HkL)80%Z%"$r;}$C$F$$$k$H2>Dj$9$k(B) \\ 

1327:   \hline

1328:  \end{tabular}}

1329:  \end{center}

1330:  \caption{Comparison of X.509, OpenPGP, and SPKI/SDSI}\label{table:SPKI/SDSI}

1331: \end{table}

1332: \twocolumn

1333: 

1334: %\section{memo}

1335: %http://packages.debian.org/stable/misc/signing-party.html

1336: 

1337: \end{document}

1338: %

1339: %\appendix

1340: %\section{Brainstorming}

1341: %

1342: %\paragraph{Untrusted CA}

1343: % $B>&MQ$NG'>Z6I$O3N<B$+(B?

1344: % 

1345: % $B$+$D$F%^%$%/%m%=%U%H<R$K@.$j$9$^$7$?2?<T$+$,!"(B

1346: % Verisign$B<RH/9T$NG'>Z=q$r<hF@$7A{$.$K$J$C$?!%(B

1347: % $B$3$N;v7o$,H/3P$9$k$H(BVerisign$B$O(B

1348: % $BH/9T$7$?$3$NIT@5$JG'>Z=q$rL58z$K$7!$$=$l$rDLCN$9$k(BCRL

1349: % (Certificate Revocation List)$B$rMQ0U$7$?!%(B

1350: % $B$7$+$7!$Ev$N%^%$%/%m%=%U%H$N@=IJ$K$O(BVeriSign$B$,MQ0U$7$?(BCRL$B$r=hM}$9$k5!(B

1351: % $BG=$,<BAu$5$l$F$$$J$+$C$?$?$a!$(BOS$B$r%"%C%W%G!<%H$9$kI,MW$K$J$C$?(B

1352: % ~\cite{MS01-07}$B!%(B

1353: % 

1354: % OpenPGP $B$N$h$&$K<+J,$N<j$G3NG'$9$kJ}K!$+!"$"$k$$$O(BWeb of Trust$B$N$h$&$K(B

1355: % $B$"$J$?$,?.Mj$G$-$kBh;0<T$N>ZL@$r$"$J$?$,3NG'$9$kJ}K!$O$H$F$b9gM}E*$J$N(B

1356: % $B$G$9!#Bh0l$K@UG$=j:_$,L@3N$G$"$k$3$H$,>e$2$i$l$^$9!#$3$l$OMxMQ<T@UG$$G(B

1357: % $B$"$k$3$H$,$O$C$-$j$7$F$$$^$9!#<!$K?.Mj$N$*$1$kJ#?t$NBh;0<T$N=pL>$,$"$k(B

1358: % $B$h$&$J>l9g!"$9$Y$F$N=pL>$,56B$!"$"$k$$$O@.$j$9$^$7$G$@$^$;$k3NN($O>.$5(B

1359: % $B$/$J$j$^$9!#(B

1360: 

1361: %\subsection{ OpenPGP $B$H(BX.509$B$H$NHf3S(B}

1362: %Table \ref{table:PGP/X509}$B$K(BPKI$B$H$7$F$N(B OpenPGP $B$H(BX.509$B$H$rHf3S$9$k!%(B

1363: %\begin{table}

1364: % \begin{center}

1365: % \begin{tabular}{|r|l|l|}

1366: %  \hline

1367: %  ~ & X.509 & OpenPGP \\ \hline

1368: %  PKI architecture: & hierarchical PKI & trust-file PKI \\ 

1369: %  Certificate Issuer : & CA & each user \\ 

1370: %  Base of trust: & root CA & Face-to-face \\ 

1371: %  $BG'>Z$NO":?9=B$(B: & $B%D%j!<7?(B & $B%f!<%6Cf?47?(B \\ 

1372: %  $BG'>Z<T$rG'>Z$9$k:,5r(B: & $BMxMQ<T$K$h$kA*Br(B & $BMxMQ<T<+?H(B \\ 

1373: %  $B>ZL@=q$NGK4~$N4IM}(B: & $B$"$j(B & $BIT40A4(B\\ 

1374: %  $B%3%9%H(B: & $B9b$$(B & $BDc$$(B \\ 

1375: %  \hline

1376: % \end{tabular}

1377: % \end{center}

1378: % \caption{X.509$B$H(B OpenPGP $B$NAj0cE@(B}\label{table:PGP/X509}

1379: %\end{table}

1380: 

1381: %\subsection{$B8x3+80%5!<%P$NMxMQ=87W;vNc(B}

1382: %$B8x3+80%5!<%P$KEPO?$5$l$F$$$kKDBg$J8x3+80%G!<%?$rE}7WE*$K(B

1383: %$B2r@O$9$k;n$_$b9T$J$o$l$F$$$k!%(B

1384: %1996$BG/(B1$B7n$K(BNeal McBurnett$B$,:G=i$NE}7W$r9T$J$$!$(B

1385: %$B8=:_$G$O(BDrew Streib$B$,(B

1386: %$B9q:]E*$JF14|$r$H$C$F$$$k(BPGP$B8x3+80%5!<%P$N0l$D$G$"$k(B {\tt www.us.pgp.net

1387: % (pgp.dtype.org)}$B$N%G!<%?$rDj4|E*$KJ,@O$7$F$$$k!%(B

1388: %

1389: %$BC1$J$k8x3+80?t$N=87W0J30$K$b!$(B

1390: %$B6=L#?<$$;n$_$H$7$F!$(B

1391: %$B%5!<%P$KEPO?$5$l$F$$$k8x3+80$+$i(B

1392: %$BC/$,C/$K=pL>$7$F$$$k$+$r=87W$7!$=pL>?t$N>e0L<T$rD4$Y$kD4::$,$"$k!%(B

1393: %$B$3$ND4::$K$h$l$P!$%8%g!<%8%"9)2JBg3X$N(B Peter N. Wan $B$H(BMIT$B$N(B Theodore Ts'o $B$,(B

1394: %$B<s0L$rAh$C$F$$$k!%(B

1395: %

1396: %% [pgp-folks.124]

1397: %% $B80%5!<%P$KEPO?$5$l$F$$$k8x3+80$N=pL>4X78$r2r@O$9$k3X@8$H$$$&$N$O!$(B

1398: %% Neal McBurnett $B$+(B Drew Streib $B$N$3$H$G$9$M!%(B

1399: %% http://dtype.org/keyanalyze/

1400: %% $B$+$i!$$?$H$($P5nG/$N(B8$B7n$N2r@O7k2L$r8+$F$_$k$H!$$d$O$j(B1$B0L$O(BPeter Wan.

1401: %% http://dtype.org/keyanalyze/200108.php

1402: 

1403: %\subsection{$B%-!<%5%$%s%Q!<%F%#!<(B}

1404: %%$BH`$i$N$h$&$KL5?t$N?MJ*$N8x3+80$K=pL>$r9T$J$&$?$a$K$O!$(B

1405: %%$BB?$/$N?M$,8x3+80$r;}$C$F8=$l$?;~$K!$$=$N?MJ*$,(B

1406: %%$B$?$7$+$K$=$N8x3+80$N;}$A<g$G$"$k$3$H$r(B

1407: %%$B3NG'$9$k<j=g$r$"$i$+$8$a7h$a$F$*$/I,MW$,$"$k!%(B

1408: %

1409: %% CA$B$G$O$J$/(BBOF

1410: %% ~\cite{Rose199804}

1411: %

1412: %$B8x3+80$X$N=pL>$r9T$J$&A0$K9T$J$&$3$N<j=g$H$7$F$O!$(B

1413: %$BB?$/$N?M$r=8$a$F9T$J$&%-!<%5%$%s%Q!<%F%#!<$,$h$/CN$i$l$F$$$k!%(B

1414: %

1415: %$B%-!<%5%$%s%Q!<%F%#!<$K$O!$(B

1416: %$B;22C<T$,0lF2$K=8$^$j!$(B

1417: %$BA40w$,4i$r8+9g$o$;$J$,$i%Q%9%]!<%H$r2sMw$9$k$J$I$7$F(B

1418: %$BAj8_$KG'>Z$9$kJ}K!!$$"$k$$$O(B

1419: %$BG'>ZC4Ev<T$,K\?M3NG'$7!$$=$N>l$K5o9g$o$;$?%a%s%P!<$,(B

1420: %$B$=$3$G3NG'$5$l$?8x3+80$K=pL>$r9T$&$H$$$&(B2$B$D$N<jK!$,$"$k!%(B

1421: %

1422: %$BA0<T$O(B OpenPGP $B$N%a%C%7%e7?G'>Z%Q%9$r3hMQ$7$F$*$j!$(B

1423: %$B$*8_$$$rCN$j?FKS$r?<$a$k$H$$$&8z2L$b4|BT$G$-$k$,!$(B

1424: %$B?M?t$,A}$($l$PA}$($k$[$I8zN($,0-$/$J$k$?$a$K(B

1425: %$B?M?t$N5,LO$,>.$5$$>l9g$K8B$i$l$k!%(B

1426: %

1427: %% $BA0<T$O%P%C%I%"%$%G%"$@!%$3$l$O?M$,A}$($k$K$D$lHs>o$KLLE]$K$J$k$N$OL\$K(B

1428: %% $B8+$($F$$$k$7!$<B:]$K$d$C$F$_$k$HHa;4$G$"$k!%(B

1429: %% 2000$BG/(B4$B7n$K(BGNUPG$B$N(BWerner

1430: %% Koch$B!$(BPGP$B$N(BPhilip Zimmermann$B$r$O$8$aI.<T$b4^$a$?(BPGP keyserver manager

1431: %% 20$B?tL>$,0lF2$K=8$^$C$?>.$5$$$,Hs>o$K=EMW$J2q5D$,%*%i%s%@$G3+:E$5$l$?!%(B

1432: %% $B$3$N;~$H$P$+$j$KA40w$GA40w$rG'>Z$9$k%?%$%W$N%-!<%5%$%s%Q!<%F%#!<$r9T$C(B

1433: %% $B$?!%%Q%9%]!<%H$J$I$N<L??F~$j?HJ,>ZL@=q$,A40w$N4V$G2sMw$5$l!$<+J,$N=gHV(B

1434: %% $B$K$J$C$?;~$K<+J,$G<+J,$N%U%#%s%,!<%W%j%s%H$rFI$_>e$2$k!%$*8_$$$rCN$j?F(B

1435: %% $BKS$r?<$a$k$H$$$&8z2L$O@dBg$G$"$k$,Hs>o$K8zN($,0-$/BgJQ$@$C$?!%(B

1436: %

1437: %$BAH?%Fb$NMxMQ$H$7$F$O!$8e<T$NJ}K!$,0lHLE*$G$"$k!%6qBNE*$K$O!$(B

1438: %$B%;%-%e%j%F%#C4Ev<T$K;vA0$K8x3+80$H%U%#%s%,!<%W%j%s%H$rAw$j!$(B

1439: %$BLL@\$N8e$KC4Ev<T$,8x3+80$KEE;R=pL>$r;\$9$H$$$C$?J}K!$G$"$k!%(B

1440: %$B$?$H$($P%Z%s%7%k%t%!%K%"Bg3X$G$O!$%;%-%e%j%F%#C4Ev<T$K(BPGP$B=pL>(B

1441: %$B$r?=@A$9$k<jB3$-$d%,%$%I%i%$%s$r8x3+$7$F$$$k(B~\cite{upenn}$B!%(B

1442: %

1443: %$B%*!<%W%s%=!<%93+H/<T$N4V$G$b!$%5%$%s%Q!<%F%#!<$N<j0z$-(B

1444: %$B$,G[I[$5$l$F$$$k(B~\cite{keyparty}

1445: %$B$^$?!$%-!<%5%$%s%Q!<%F%#!<$N3+:EM=9p$r%$%s%?!<%M%C%H>e$G8x3+$9$k(B

1446: %$B%5%$%H$bB8:_$9$k(B~\cite{partyguide}$B!%(B

1447: %$B9q:]AH?%$H$7$F$O(B

1448: %IETF$B$NG/(B4$B2s$NBg2q$K$*$$$F$b!$(B

1449: %IETF Night Session $B$G$N(B PGP Key Signing

1450: %$B$,3+$+$l$k$N$,91Nc$K$J$C$F$*$j!$(BPGP$B%5%$%s%Q!<%F%#!<$O0lDj$N(B

1451: %$B5!G=$r2L$?$7$F$-$?$H8@$($k!%(B

1452: %

1453: %

1454: %%  Linkname: Slides for the Usenix 1995 Keynote Address by Mark Weiser,

1455: %%      9am CST January 18, 1995.

1456: %%     URL: http://www.ubiq.com/hypertext/weiser/Usenix95.html

1457: %

1458: %\paragraph{Practical Viewpoint}

1459: %% Hacker **

1460: %% Taylorist productivity measures (FirstMonday)

1461: 

1462: % \subsection{German Government and GnuPG}

1463: % 1999$BG/0J9_!$%I%$%D@/I\$O(BGnuPG$B%W%m%8%'%/%H$r;Y1g$7!$@/I\5!4X$K:NMQ$9$k(B

1464: % $BF0$-$r8+$;$F$$$k!%(B

1465: % $B$^$:(B1999$BG/(B11$B7n$K(B

1466: % $B%I%$%D$NO"K.7P:Q5;=Q>J(B (BMWi, Bundesministerium f\"{u}r Wirtschaft und

1467: % Technologie)$B$,(BGnuPG$B%W%m%8%'%/%H$K(B318,000$B%^%k%/(B ($B$*$h$=(B17$BK|(BUS$B%I%k(B)$B$N(B

1468: % $B;q6b1g=u$r9T$J$&$3$H$rH/I=$7$?(B~\cite{BMWi1999,Wayner1999}$B!%(B

1469: % $B$3$N%W%m%8%'%/%H%j!<%@!<$O%I%$%D:_=;$N(BWerner Koch$B$G$"$k(B

1470: % (GnuPG$B$O@$3&3FCO$+$i3+H/<T$,;22C$7$F$$$k$,!$%W%m%8%'%/%H%j!<%@!<$O(B

1471: % Werner Koch$B$,C4Ev$7$F$$$k(B)$B!%(B

1472: % 

1473: % GnuPG$B$N=i4|%P!<%8%g%s$N%j%j!<%9$HA08e$7$F%I%$%D@/I\$O(B

1474: % $B%=!<%9%3!<%I$r8x3+$K$9$k$3$H$G%7%9%F%`$N0BA4@-$r3NJ]$9$k$?$a$K!$(B

1475: % $B0E9f$NG[I[(B/$BM"=P$KBP$7$F@)8B$r@_$1$J$$J}?K$rH/I=$7$F$$$k$,!$(B

1476: % GnuPG$B$N;Y1g$O$=$N1dD9$H$7$F9M$($i$l$k!%(B

1477: 

1478: %\paragraph{visualization}

1479: % \begin{figure}[h]

1480: % \begin{center}

1481: %  \includegraphics[width=6.0in]{debian-keyring.dot.1024.ps}

1482: % \end{center}

1483: % \caption{Visualized Web of Certificate~\cite{springgraph}}\label{fig:debian.ps}

1484: % \end{figure}

1485: 

1486: % $BBP>]$H$J$C$?(BDebian$B3+H/%A!<%`%a%s%P!<$O!$(B

1487: % $B%$%s%?!<%M%C%H>e$G$N3+H/$N$d$j$H$j$K$O(B OpenPGP $B$K=`5r$7$?(B

1488: % GNU Privacy Guard (GnuPG, GPG)$B$rMQ$$$?=pL>$r(B

1489: % $B8x<0$KMQ$$$F$$$k!%(B

1490: % $B$3$N;k3P2=$9$k$3$H$K$h$C$F!$(B

1491: % $B%W%m%8%'%/%H%j!<%@!<$,Cf?4E*$JLr3d$r(B

1492: % $B2L$?$7$F$$$k$3$H$,3NG'$5$l$?(B~\cite{Debian2000}$B!%(B

1493: 

1494: %\subsection{Characteristics of OpenPGP }

1495: % ``X.509 vs PGP'' $BBPN)35G0$G9M$($F$7$^$$$,$A$G$"$k!%(B

1496: % ``Why OpenPGP's PKI is better than an X.509 PKI''~\cite{Zimmerman2001}

1497: 

1498: % X.509$B$H(B OpenPGP $B$O$?$H$(F1$80E9f%"%k%4%j%:%`$r:NMQ$7$F$$$F$b!$(B

1499: % $B$3$l$^$G$^$C$?$/JL!9$KI8=`2=$r?J$a$F$*$j!$Aj8_@\B3@-$O$J$+$C$?!%(B

1500: % $B$?$H$($P!$(BS/MIME$B=`5r$NEE;R=pL>%a!<%k$H(B OpenPGP $B=`5r$NEE;R=pL>%a!<%k$H$O(B

1501: % $BJL!9$N%"%W%j%1!<%7%g%s$K$h$C$F=hM}$5$l$k!%(B

1502: % $B$3$l$ON><T$N(BPKI$B$N%b%G%k$,0[$J$C$F$$$k$?$a$G$"$k!%(B

1503: 

1504: % $B$3$N$?$a$K!$(B OpenPGP $B$ODL?.$7$?$$Aj<j$N8x3+80$r(BCA$B$+$iF~<j$9$k$N$G$O$J$/!$(B

1505: % $BKvC<MxMQ<T$,<+NO$GF~<j$7$J$1$l$P$J$i$J$$!%(B

1506: % $B$3$l$OG'>Z%7%9%F%`9=C[$K$*$$$FLdBj$H$J$k2DG=@-$,$"$k!%(B

1507: 

1508: % 1997$BG/$ND4::$K$h$l$P!$<B:]$K;H$o$l$F$$$k(B OpenPGP $B$N(Bweb of trust$B$G$O(B

1509: % 6$B$D@h$^$G$NG'>Z4X78$^$G$7$+$?$I$l$J$+$C$?(B~\cite{McBurnett1997}$B!%(B

1510: 

1511: %        Paper Submission: July 1, 2003

1512: %        Author Notification: Sep. 15, 2003

1513: %        Final Manuscript: Oct. 7, 2003

1514: %http://www.saint2004.org

1515: %

1516: %   Please note that a paper should be strictly limited within 10 pages,

1517: %   and extra charge will be applied for pages 8 to 10 when accepted for

1518: %   the proceedings.

1519: %  - 1 to 7 page : no extra charge

1520: %  - 8 to 10 page : 21000 YEN (about $175) per page

1521: %  - more than 10 page : rejected

1522: % Deadline: July 1, 2003, 23:59:59 Apia, Samoa time

1523: %

1524: % ispell -W 9 -V -t main.tex

1525: %dvips -f main.dvi | ghostview -

1526: