Hi, * Nicolai Josuttis wrote on Fri, 22 Aug 2014, at 18:13 (+0200):
> to deal with faked keys, some guys had the idea to use email > verification and let then certification servers take that as > "casual signing". [...] What do you think about this idea? > Was it ever discussed? this has already been implemented and improved by CAcert: Fundamentally, CAcert is known for (a) issuing X.509 certificates to its members and for (b) building and operating a large Web of Trust. I think, (b) is more important. Also, CAcert offers the possibility to certify the user IDs of its members' OpenPGP keys. This basically works as follows: - First, you have to create a CAcert account. This requires an email address which is verified to be under your control. - Then you try to get your identity assured. You meet face-to-face with at least two assurers and present them at least one (two are preferred) photo IDs issued by a government. Depending on the assurers' experience you receive so called assurance points. - If you have collected 50+ assurance points, you could get your OpenPGP key's user ID(s) certified automatically. This certification expires after one year and is a generic one (0x10) instead of a casual one (0x12) (RFC 4880). See my key for details. - Of course, you can add additional verified(!) email addresses and also get them certified. I think, this process is far better than any mere email address validation service because OpenPGP certificates do cover the whole user ID. And it does *not* contain an email address only! Usually there is a name, too! The downside for this automatic process to work is, of course (but not really), that a user ID is forced to have a certain format. Have a look at http://www.cacert.org and http://wiki.cacert.org for further details. Regards, Mathias -- CAcert Assurer Do you want to encrypt your mail? Then join CAcert and get your SSL certificate from https://www.CAcert.org. If you have any questions, don't hesitate to ask. OpenPGP: ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net Fingerprint: B100 5DC4 9686 BE64 87E9 0E22 44C3 983F A762 9DE8
pgp7aEBcCZSOi.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users