-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Saturday 14 March 2015 at 10:37:18 PM, in <mid:caaocvpveqs-tq-reki8ax3spdst8p5tg0+koxvtufw0azy9...@mail.gmail.com>, Joey Castillo wrote: > The goal is to simplify > not just everyday things like how to make a key or > encrypt an email, but also more complex things like > "what is my identity and how do I verify it?" [1] > [1]: > https://github.com/josecastillo/signet/blob/master/guidelines.md#certification-and-trust Although I don't really like email addresses in the UIDs of my keys, I quite like the simplicity of your "email address only" simplified UID format. However, I would urge you to reconsider your decision to drop the angle brackets. At least one MUA (the MUA I am using to write this message) sends the email address enclosed in angle brackets as the search string for GnuPG to locate the key. No angle brackets around the email address means no key found. Your proposed "automated email verification service" will beat the PGP Global Directory's verification check by encrypting the verification message to confirm that the user is in control of the key as well as the email address. But it retains the problem of relatively frequent verification signatures accumulating; I don't know a solution to that. If a user has multiple email addresses, does the "automated email verification service" send a different encrypted verification link to each address, and then only sign the UIDs that the user verified? And is there the option to reply to email rather than click a link? Finally, if the person at the other end is able to decrypt my message and reply to me, then the key and the email address are controlled by the same person. What assurance does the verification service add? - -- Best regards MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net> Can you imagine a world with no hypothetical situations? -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJVB3uZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw5+8IAJy5B9i2Jd4RY7gWFUQtyJ8t GdUqHmGs8k3X/OwdOyvvD3GGZ7Wv/txZaHwaF8hA23axgGDnGOVfhucFe3BkQAFV EHXJ/+cmmtt3Hp7uSKMoL8vFvv9ePJnQOZ1y4cMsP9jEpdZ1/dX8iV70MYVtd+Dk uu0uqOt/MsQOg5Q45LmbCvhlL2ZDNoWqj4dmjdQ3t/LLWH2yI2yPQlk0KqJCB7LN QUIww+p+81q4R1RWbP2o+wHFH8Ch4NL6oF3hCAO/mQmF117wxxOiyB+oULmjrNrD Y0VYFbg9m23e/9EbtzBMvim6XRQhMbGwhWHy28yXuYX6vUQrmk5kHWmXdta1N5KI vgQBFgoAZgUCVQd7oF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45PdmAQCjnWO9c1n74cf/2jU5OA9H+cgc HGU6wx1jaNzZjr9+3gEAcE6FbOrBfJEz648Ps/j3x3otTG+PxJFxzBzOyyid4gs= =GLMZ -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
