Keyservers:

 * sync
 * cryptographic keyservers
 
 ** SKS is great but written in ocaml so it is not easy to hack
 ** Adding more crypto verification to the keyservers
 
 ** onak contains code that we might be able to break out into a C library

Use cases we can streamline?

 * new key generation
 * one-to-one keysigning
 * ksps?

new implementations?
 * http://hackage.haskell.org/package/openpgp
 * http://hackage.haskell.org/package/hOpenPGP
 * RFP for netpgp but it has licensing issues
 * other libraries call GPG and try to parse it (python, etc)

divergence from upstream (gpg, sks, etc)?

* let's not diverge from upstream inasmuch as we can avoid it.
* even if you set the preferences to use strong hashes upstream program doesn't do it (if you have an existing weak self sig)

keyring-maint

best practices to recommend?
 * Strong signatures (What is strong? - Not MD5 or SHA1 as signature hash type)
 ** caff defaults (?) and others like Seahorse defaults (currently 2048 RSA, SHA-224)
 ** taking away the weak hashes means our strong set reduces to 154 from 965 (reachable 243 vs 1051).
 ** Need HOWTO on "fixing" weak signatures
 *** or auditing scripts?
 *** inspect key signature strength: https://github.com/tmarble/kspsig
 *** Can do this on self sig (except on subkeys)
 * Offline primary key (why?)
 * lsign before caff?

    Encryption Strength Equivalency Table[1][2]
===================================================
  Symmetric Key Size  |    RSA Key Size   |  Hash
===================================================
 80-bit symmetric key |  1024-bit RSA key | SHA-1
112-bit symmetric key |  2048-bit RSA key | SHA-224
128-bit symmetric key |  3072-bit RSA key | SHA-256
192-bit symmetric key |  7680-bit RSA key | SHA-384
256-bit symmetric key | 15360-bit RSA key | SHA-512
===================================================
[1] http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf (pages 63-64)
[2] http://www.rsa.com/rsalabs/node.asp?id=2004

Uses of the "web of trust"
* Monkeysphere

Badly-needed tools?
 * OpenPGP lint

KSP

 * key signining parties are complicated after a certain number of peoples  because the level of experience is very different.
 * refuse signing keys? :(
 * Add fake keys to keep the people on their toes.
 * KSP issues are different from regular keysigning
 * Mobile phones might change the way keysigning is done in the long run but that is debatable
 * Starting KSP with some information about keysigning hygiene?