looking up pgp keys

Werner Koch wk at gnupg.org
Tue Sep 10 14:37:19 CEST 2013

On Tue, 10 Sep 2013 06:26, gnupg-devel at spodhuis.org said:

> reading on this topic, but this is how PGP works.  If you don't want a
> web-of-trust, with clients responsible for evaluating trust and
> identity, then you don't want to be using PGP (OpenPGP or its

Although the WoT is the de-facto trust mechanism used with OpenPGP,
there is no reason or technical problem to use OpenPGP in a different
way.  In fact, OpenPGP is quiet about the trust mechanism.  Instead of
the WoT you may implement an X.509 alike mode on top of OpenPGP or use a
simple direct trust mechanism ("gpg --trust-model=direct")

> If you want something you have to log in to change, then you're looking
> for 'finger', with PGP keys going in ~/.plan files.

finger even supports a ~/.pubkey file.  I am using this for ages.

> Naming is a hard problem.  Third-party independently verifiable naming,
> using names that carry semantic value, is even harder.


Let's address each other only by the fingerprint of its key:-).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list