Silk Road forums

Discussion => Security => Topic started by: jackthetripper on February 09, 2012, 02:22 am

Title: Do Keyservers Compromise Security?
Post by: jackthetripper on February 09, 2012, 02:22 am
Hey guys I just had a thought and maybe you are with me on this- I realized this after uploading my key to gnu.whatever and my email is linked to my PGP key.  This is not a good thing.  The reason I did it originally was I was having some trouble with the Thunderbird program and thought that I might be able to get my certificate back in PKCS12 format.  I guess what I need to do is make a revocation certificate and create a new certificate, because right now anybody who uploads my key sees ___@gmail.com.  To me this is almost as bad as when most people (including myself) first start and send messages unencrypted- to be a n00b is forgivable but you need to learn from your experiences.  Just thought I'd share this and see what everybody else thinks.  I see one of my vendors has a public key uploaded but it is a safe-mail.net address- he is probably ahead of the game.  Later guys.
Title: Re: Do Keyservers Compromise Security?
Post by: LexusMiles on February 09, 2012, 02:30 am
safe-mail, gmail... I always thought it only matters if you logged into that email from your real IP (not using tor). Unless I misunderstood your dilemma, of course  :o
Title: Re: Do Keyservers Compromise Security?
Post by: SierraRS on February 09, 2012, 02:35 am
Use Tor and web browser to upload the key to one of the keyservers.
Title: Re: Do Keyservers Compromise Security?
Post by: LexusMiles on February 09, 2012, 02:42 am
My 1st reply might actually be a bit bunk. Can someone be so kind as to describe the function of keyservers and email, in regards to SR? (cause I Googled and got a bit of an idea, but not fully).

Title: Re: Do Keyservers Compromise Security?
Post by: SierraRS on February 09, 2012, 02:47 am
If you are using a PGP key only to encrypt messages to sellers (recommended!) then you should not worry much about keyservers and e-mail addresses.

Keyservers are databases that make it easy for other people to search for and get other people's public keys.

The e-mail address in a PGP key can be completely fake, such as noreply@example.com, but I recommend that you have a separate e-mail on tormail.net just for Silk Road purposes. Having a real tormail e-mail in your Silk Road PGP key helps to keep vendors' keychains well organized because they sometimes have hundreds of keys.
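
Added example, not part of the original thread or any poster's code: a Python sketch that lists the User ID packets a public key carries, which is exactly what anyone fetching that key from a keyserver can read. The sample key bytes are constructed for the demonstration (not an importable key), and the function names are this example's own.

```python
import base64
import re

def dearmor(armored: str) -> bytes:
    """Strip ASCII armor (headers, CRC line, markers); the CRC is not verified."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    start = lines.index("") + 1  # a blank line ends the armor headers
    b64 = [ln for ln in lines[start:] if ln and not ln.startswith(("=", "-----"))]
    return base64.b64decode("".join(b64))

def packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

EMAIL = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def exposed_identities(key: bytes):
    """Return (user_id, email_or_None) for every User ID packet (tag 13)."""
    uids = [b.decode("utf-8", "replace") for t, b in packets(key) if t == 13]
    return [(u, (EMAIL.search(u) or [None, None])[1]) for u in uids]

# Constructed sample: a dummy public-key packet (tag 6) plus two User ID packets,
# one with a new-format header (0xCD) and one with an old-format header (0xB4).
UID1, UID2 = b"Constructed User <user@example.com>", b"handle-only"
SAMPLE = (bytes([0xC6, 11]) + b"\x04" + bytes(10)
          + bytes([0xCD, len(UID1)]) + UID1 + bytes([0xB4, len(UID2)]) + UID2)
```

Running `exposed_identities(dearmor(text))` on an exported public key block shows every name and address bound to it before it is published.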
Title: Re: Do Keyservers Compromise Security?
Post by: LexusMiles on February 09, 2012, 03:07 am
^ cheers for description. Seems like key server doesn't apply much to a site like this (forums, PM, forms etc)....

The tor backup mail is certainly a good practice I guess though. Your key repository could then also serve as a list of vendors' emails (assuming the vendors are using tormail in their key).
Title: Re: Do Keyservers Compromise Security?
Post by: jackthetripper on February 09, 2012, 06:06 am
Thanks for the input and ideas.  I will create new key and link it to a tormail account.  The way I see it you want to keep yourself completely anonymous, and you could do that by either 1. not uploading your key, or 2. by uploading it with an untraceable email, which I assume tormail is (I have yet to check it out).  Btw Silk Road and the forums are very cool... I kinda see this as changing American society and culture and hope it stays around.  Winning the war on drugs, only the right side wins this time, with intelligence, technology, and careful planning and action...  8)