Rethinking OpenPGP PKI and OpenPGP Public Keyserver

OpenPGP, an IETF Proposed Standard based on PGP R © application, has its own Public Key Infrastructure (PKI) architecture which is different from the one based on X.509, another standard from ITU. This paper describes the OpenPGP PKI; the historical perspective as well as its current use. We also compare three PKI technologies standardized by IETF: OpenPGP, PKIX(X.509), and SPKI/SDSI. Since the OpenPGP PKI works without a registration authority nor certification authority, it fits well with the Internet communication with voluntary community. For example, the digital signature for email including the security patch program of free software is usually signed by not an authorized organization but the cross-PGP-signed individuals who belong to different organizations or nations. The current OpenPGP PKI issues include the capability of a PGP keyserver and its performance. PGP keyservers have been developed and operated by volunteers since the 1990s. The keyservers distribute, merge, and expire the OpenPGP public keys. Major keyserver managers from several countries have built the globally distributed network of PGP keyservers. However, the current PGP Public Keyserver (pksd) has some limitations. It does not support fully the OpenPGP format so that it is neither expandable nor flexible, without any cluster technology. Finally we introduce the project on the next generation OpenPGP public keyserver called the OpenPKSD, lead by Hironobu Suzuki, one of the authors, and funded by Japanese Information-technology Promotion Agency(IPA).