On Tue 2015-07-21 23:36:45 +0200, ved...@nym.hush.com wrote:
> There could be a workaround, where the key is uploaded to the keyservers,
> but functionally unusable except to individuals whom the key-creator wants to
> use it:
>
> [1] Encrypt part of the public key symmetrically, the same way that the
> private key is symmetrically encrypted.
>
> [2] Send the passphrase to whomever you want to send the public key,
> encrypted to their public key.
>
> [3] Upload the key to keyservers. It will be usable only by those whom you
> choose to give the passphrase.
>
> (*Unless* you misjudged someone to whom you sent the passphrase, and he
> turns maliciously on you, and uploads the decrypted form .... )
>
> If such a key-type were implemented, would it need a change in 4880, other
> than a notice to allow it?

if we were to have a cryptographically-validating keyserver, there's no
way that the certificate could be verified.

I'm not clear what the use case for this is. people who "want their
public key to be not-public" probably actually care more about:

 * avoiding publication of their User ID, and

 * avoiding publication of a persistent identifier that can link
   communications together

both of these things would probably fail if the key (even obscured) was
published to the public key servers.

I don't see how this proposal solves the identified concern (though it's
possible that i'm misunderstanding the identified concern).

   --dkg