On Fri, 25 Jul 2014 14:44:54 +0100 MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Friday 25 July 2014 at 2:01:28 PM, in > <mid:cacpwn9tbm5ko1mqee3ovfehif1dv5u3n1pjf-k42jzsstyu...@mail.gmail.com>, > Schlacta, Christ wrote: > > > > On Jul 25, 2014 5:30 AM, "MFPA" > > <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > >> If I recall correctly, PGP's keyserver "PGP Global > >> Directory" sends an email to each email address in the > >> uids when a key is submitted, and only lists those > >> uids whose email address replies. It re-sends these > >> verification emails every six months, and deletes keys > >> if there is no reply. It also allows anybody with > >> access to your email address to delete your key and > >> upload a different one, according to Wikipedia [0]. > > > I just recently published a number of keys, and never > > noticed any such emails. > > > Did you publish them to the (stand-alone) "PGP Global Directory?" > rather than to one of the keyservers that propagates the keys to each > other? > > It's possible the "PGP Global Directory" has changed it's processes, > but any such change is not yet reflected in their FAQ page [0], which > still says:- > > "What new features are available with the PGP Global Directory? > The PGP Global Directory uses next-generation keyserver technology; it > sends verification messages to the email addresses on a submitted key > and lets you manage your own key, including removing it--features not > available on keyservers with older keyserver technology." > > and:- > > "Does the PGP Global Directory use any other methods for keeping > itself free of unusable keys? > Yes. The PGP Global Directory re-verifies keys every six months by > sending a renewal email message to the email address on the key. If > the key owner does not respond, the key will be removed from the > directory. In order for the key to remain on the PGP Global Directory, > the owner must approve the renewal request. This feature ensures the > PGP Global Directory will always contain only current keys." > > > [0] <https://keyserver.pgp.com/vkd/VKDHelpPGPCom.html>. > > > - -- > Best regards > > MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net > > The cure for anything is salt water - sweat, tears, or the sea. > -----BEGIN PGP SIGNATURE----- > > iPQEAQEKAF4FAlPSX1xXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl > bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 > N0VDQTAzAAoJEKipC46tDG5pBioD/j0j6cGF9Half1AQsqrvJvyAZo78qkPygBsK > USkWeGrc1cFWuuqb6tAWJ5EFX46ez/JWbodD106so0ltNLPLgcrkor+ZEDjquI7C > iHtH33j7h0ZEoCbwdtodhr+9C7ejwh+DahhpSNuHZgHfl4iG8xH8WpmMaJTSLu/i > th42v9JR > =Zdfe > -----END PGP SIGNATURE----- While PGP Global Directory provides for some basic level of "this email address belongs to this key"... its key signing policy leads to "cruft" buildup. Back in April 2011 I signed up for it and got a series of key signatures every few weeks until January 2012 when I got fed up with it. There are now 14 expired signatures 'stuck' on my key and published to the directories... -- Thomas Harning <harni...@gmail.com>
pgpMmjtgnJbu8.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
