On 1 Mar 2015 at 17:21, Patrick Brunschwig wrote:

> On 01.03.15 16:38, Kristian Fiskerstrand wrote:
>
> >>> In general I believe this to be an insufficient form of
> >>> identification that really doesn't provide much of anything
> >>> useful, but at least the PGP keyserver does it reasonably sane in
> >>> its methodology by creating a signature from their CA on the key.
> >>> Whether you put any merit to having such a CA signature or not is
> >>> left up to the user (excluding for now the "fun" related to the
> >>> spammy number of signatures from it)
> >
> >> Yes, I know. The re-confirmation every few months together with
> >> re-signing the keys is among the things I dislike about
> >> keyserver.pgp.com. But in general, I think that keyservers need to
> >> go in that direction if we want to enable easy use of OpenPGP in
> >> email (which requires in some way or another to download missing
> >> keys automatically).
> >
> > You wouldn't need the keyservers to be involved in this at all.
> > Anyone could set up such a mail verification CA outside of the
> > keyserver network.
>
> Perfectly correct, yes. This is exactly what I'm proposing. I believe
> that the current keyserver network cannot do this. I just don't have
> the time to (also) work on this...
>
> -Patrick

I like this idea very much. (I must admit, I did not take notice of this feature at keyserver.pgp.com. However, I just tried it, but it refused my whole pubkey because it contains an expired subkey, but that's not a problem of the concept...).

Uploading only with validation by e-mail to all (or at least a selected one) user-ids like keyserver.pgp.com does would be a really huge improvement and would address the initial problem about fake keys which led the guy at c't to his PGP bashing.

Key distribution between the keyservers same as now, and deleting a key on all servers (manually or after "Timeout" without confirmation) should be possible from any of these servers, not just the one the key was initially uploaded to.

And the objective should be to replace or retrofit the current system of keyservers. Two concurrent systems would not make OpenPGP more user friendly.

What about crowdfunding such a development?

Matthias

--
Matthias Mansfeld Elektronik * Printed Circuit Board Design and Assembly
Neithardtstr. 3, D-85540 Haar, GERMANY
Phone: +49-89-4620 0937, Fax: +49-89-4620 0938
Internet: http://www.mansfeld-elektronik.de
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF