-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Ingo,
On 27.07.15 16:31, Ingo Klöcker wrote: > This whole concept of a whitelist of "trusted validation servers" > included in the email clients sounds a lot like the CA certificate > bundles included in browsers and/or OSes. Who is going to maintain > this whitelist? Whilelists: The OpenPGP-aware clients. There aren't so many of them, so that's manageable. > The email client developers? The OS manufactures? Who is going to > certify "trusted validation servers", i.e. who is going to tell > benign validation servers apart from malignant validation servers? There is a community providing keyservers (such as pool.sks-keyservers.net). My impression is that this network is well maintained and has worked reliably the last years. Why should there not be a similar community approach for setting up a (smaller) network of validating key server proxies. > I'd rather put my bets on a DANE-based approach like > https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ DANE requires write access to DNS. I don't see that the average OpenPGP user has facilities and knowledge to achieve setting up the required DNS records. If you can't convince the big mail providers (e.g. Google, GMX here in Germany, ...) to provide a reasonable interface for their users, I'm afraid that this will not be a success, Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJVtoDzAAoJEDrb+m0Aoeb+/NcP/ioUVK5tlkZ7bXlkiKKtaB1f 7EpTqpkg2gIY0ev6xhAWwLoDsACLX/iCmVu+OHgJbRFYo/e5m6FHzxpWEMMxgsON Dn7yuuHtxDxWQmX3LzPzG3GU3x2ynKuR7V5iyj4p1fbVYmijaIraOpbPaM5wKjP+ 2m5+QZjAHrHzFIrj4LadiaJmCn5HVfGcttqxc3I8u/oQl3uXoB1XTIa+Xf5lt2vG 7FUchBZCWSZVzShLk2PYU9ZYHK1/oMYFBS0qMgYtZeGnuCMUUbKFsPjfaqEAq/I9 95dxk9GSssxdANGFjyT9Q1fMdrJOdi/rAENCzHHQ+Tmj6Aa2cn46DNxjiqEjA77V YPvlLm9Sjec/UvpaJ3aYVhu+uHl7FwEsNe+ZA1W/y9HmdISCrmorpHi3SOCGJIWR PbGmRthYjDPQ7wK0naQ5my5prum586Cs9dloHMFuW/1jd7K2rC8GkOhR2KDpsHr3 L1sGovfBtahy3uVOOvqILZzX61qen9ACd/7XJBXOYurytgzXFzz8FtRehdwf31Of 3VnprnXPIWwOQ6Xj0lcilw3Ff3t8T2PgJqLftBxF+64bqtlP63XzFMNWo87a0nbo WfG13WHLdBEmWo2TiAA8EHFWCCW+HlGVclo+5mR/NBgFKlZhF4kAhgcaTwLvP6ke TnJfQ7Ba8btK1vP/5nfq =L7BF -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users