looking up pgp keys
Werner Koch
wk at gnupg.org
Tue Sep 10 14:37:19 CEST 2013
On Tue, 10 Sep 2013 06:26, gnupg-devel at spodhuis.org said:
> reading on this topic, but this is how PGP works. If you don't want a
> web-of-trust, with clients responsible for evaluating trust and
> identity, then you don't want to be using PGP (OpenPGP or its
Although the WoT is the de-facto trust mechanism used with OpenPGP,
there is no reason or technical problem to use OpenPGP in a different
way. In fact, OpenPGP is quiet about the trust mechanism. Instead of
the WoT you may implement an X.509 alike mode on top of OpenPGP or use a
simple direct trust mechanism ("gpg --trust-model=direct")
> If you want something you have to log in to change, then you're looking
> for 'finger', with PGP keys going in ~/.plan files.
finger even supports a ~/.pubkey file. I am using this for ages.
> Naming is a hard problem. Third-party independently verifiable naming,
> using names that carry semantic value, is even harder.
Right.
Let's address each other only by the fingerprint of its key:-).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list