I think it really needs to start with a clear explanation of what the security problems being addressed are. It seems to start in the middle not the beginning. Because security is a big issue I think it is worth iterating over the explanation a lot. We don't want people thinking that third parties might be looking after security better than they can themselves. It is often best to start with a threat analysis rather than assuming the reader understands the threat model you are addressing.
I don't think this is good enough yet (unlike the previous parts). Not saying there are technical issues with crypto but that it does not read convincingly yet for someone who has only been following intermittently.
I will try to write up some questions as a starting point for the bits I am not sure about.
BTW the previous parts of this series have been brilliant and maybe I am just paranoid about reaction to security parts... Hope this is helpful.
> --- You received this message because you are subscribed to the Google Groups "Unhosted Web Apps" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to unhosted+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
I think it really needs to start with a clear explanation of what the security problems being addressed are. It seems to start in the middle not the beginning.
PGP keyservers are networked for synchrony. If one has it, they all have it.
"The party hosting your public key can fool your peers, pretending to be you when sending a message."
Not true. [...] If someone fakes a signature on a public post which does not verify with copies of your key floating around, the game is up.
yeah, those "copies floating around" are what make it not true. so Charlie will not be able to publish a fake key on Alice's server, because Bob will be able to check its validity not only on Alice's webserver, but also on any keyserver. This assumes, though, that the keyserver has Alice's version and not Charlie's version of her key. if Charlie manages to get a fake key into the keyservers network, then that would allow him to sign messages as Alice, right?