On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > that anyone can upload _every_ key to a keyserver is an issue. If > keyservers would do some sort of verification (e.g. confirmation of > the email addresses) then this would lead to much more reliable data.
We have such a system. It is called S/MIME. Ever tried to find an S/MIME (X.509) key (aka certificate) for an arbitrary mail address? The only working solution to get such a key is by sending a mail and asking for the key. You can do the very same with PGP of course. Keyservers along with visting cards are much nicer. So, why is there no public service to distribute X.509 keys? Because nobody want to be legally responsible for such a key unless you push a stack of money over the table for a qualified signature certificate. BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut down for similar legal reasons. However, it is not a problem, we can use other keyservers. > believe that this would make keyservers more trustworthy than today. There is no trust in keyservers by design. As soon as you start changing this you are turning PGP into a centralized system. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
