Hello Martin,
so I think these people want to make it as easy as possible for others
to get the public key. I also make my keys available on my website and
via WKD and DNS.
From my point of view it is also a kind of security for people who want
to write to me that they have my real key - and n
Hello Vincent,
Ok - that is clear now. I never had the idea to get a "whole list"
from a key server but I didn't understand why people let access their
key only on their own website.
Martin
Thursday, February 2, 2023, 9:45:53 PM, you wrote:
>> Could you please explain this, I don't understan
Hi Martin,
Could you please explain this, I don't understand really. So there are
public and no public keys on the this key-server? Who decides that a
key is public or non-public? Who or how can I request a non-public
key?
Sorry, that wasn't as clear as it could have been. There are no
non-publ
Hello Vincent,
Thursday, February 2, 2023, 12:41:48 PM, you wrote:
> For traditional (sks-style) keyservers, it is true that the list of all
> certificates
> and email addresses is public, and must be by design. For keys.openpgp.org
> specifically, this full list is not public and never will be
Hey list,
Keyserver records are public and spammers can scan those
Just quickly noting, since keys.openpgp.org was mentioned at the
beginning of the thread:
For traditional (sks-style) keyservers, it is true that the list of all
certificates
and email addresses is public, and must be by desi
On Wed, 1 Feb 2023 16:51, Martin said:
> It just seemed like a contradiction to me if a key for security
> reasons should be downloaded from a website with an insufficient
> certificate ;-)
That is not really a matter. X.509 certificates as well as PGP keys are
self-contained. All OpenPGP appl
On Wednesday, February 1, 2023 5:33 PM, Martin wrote:
> Hello
>
> Perhaps my question is strange an silly ;-)
>
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages giv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Alex,
Wednesday, February 1, 2023, 1:01:21 PM, you wrote:
> There's not much you can do in those situations. There's not
> really much in the way of an advantage compared to downloading from a
> keyserver when searching by the key ID.
It jus
Hello,
Apart from the use of keyserver, it is relatively easy and highly
recommended to use WKD (Web Key Directory) for PGP-Keys.
Another alternative is DNS OPENPGPKEY Record.
regards
Juergen
Am 01.02.23 um 10:32 schrieb Martin:
Hello
Perhaps my question is strange an silly ;-)
More and mo
Hello Martin,
Il 01 febbraio 2023 alle 10:32 Martin ha scritto:
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages gives a link where the key could
> be downloaded. Som
On Wed, 1 Feb 2023 13:01:21 +0100
Alex wrote:
> There's not much you can do in those situations. There's not
> really much in the way of an advantage compared to downloading from a
> keyserver when searching by the key ID.
Correction: It can help if there are collisions, software should not
assu
On Wed, 1 Feb 2023 10:32:41 +0100
Martin wrote:
> Hello
>
> Perhaps my question is strange an silly ;-)
>
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages gives a
12 matches
Mail list logo
