Preserving non-central and privacy with a "permission recording keyserver"

Ángel angel at
Wed Jul 10 03:13:48 CEST 2019

On 2019-07-09 at 19:45 +0200, Michał Górny via Gnupg-devel wrote:
> I don't really understand why e-mail validation is proper consent to
> real name which is not verified at all.

I'm not convinced it could be done.

For validation you need a clear identifier. When you have an email you
can easily validate its owner accepts it to be published, but if there's
anything else attached to it, such as a secret you can't really validate
Suppose someone uploaded a key named:
 clarkentissuperman <lex at>

You can programmatically check that someone which currently has access
to <lex at> says "Yes, I am clarkentissuperman, own key
0xDEADBEEF and wish that key to be uploaded to the keyservers"

So far, so good, but is the name clarkentissuperman really his name (o
alias)? Or is it framing someone else?
Not only is that not automated, but it's really not decidable.

Now someone comes called Clark Kent (he provides a government issued
identification showing that), stating that such key is framing him.

Maybe. Or maybe not.
May someone have been named "clarkentissuperman"? Surely there could be
several people named Clark Kent, but who would name a kid 'superman'?¹ ²

Not to mention that it would make whole sense to use such name for
someone whose online identity was that nickname.³

The classic WoT solution uses signatures from people that validated it
IRL to vouch that the uid is correct (not that everyone does that
correctly, though).

But other than mandating the usage of keys with only an email address in
the uid field (or no uid field at all), there's little to do here.

And then, the next step would be to create a clarkentissuperman at 

Best regards


More information about the Gnupg-devel mailing list