Preserving non-central and privacy with a "permission recording keyserver"
Dirk Gottschalk
dirk.gottschalk1980 at googlemail.com
Wed Jul 10 23:28:47 CEST 2019
Hello Werner
Am Mittwoch, den 10.07.2019, 19:54 +0200 schrieb Werner Koch:
> On Wed, 10 Jul 2019 10:27, andrewg at andrewg.com said:
>
> > I don't think we should ever delete the full dataset (i.e.
> > including the
> > primary). We still need to be able to distribute revocations, and
> > that's
> > only going to work if they're attached to something.
>
> Some folks are talking about privacy reasons not to distribute the
> user-id. I don't buy this argument because the user has already
> given his consent (with most MUAs and with gpg's command line) to use
> a mail address along with a key and the specific format is a
> requirement.
Yes, that's my thaught.
[...]
> A key on a keyserver should never be searchable by user-id. It is
> not required and only an attractor to use the keyserver as free and
> searchable data storage. We only need lookups by fingerprint. Keys
> should in general be discovered by other reliable mail to key mapping
> services. If that is not possible there is always the fallback to
> first send a signed mail and the recipients tool can then lookup the
> key via the fingerprint (which is embedded in the signature) at a
> keyserver.
Then, the --search-keys option og gpg CLI is obsolete. That would be
okay, but this option should be disables in newer versions of gpg.
Regards,
Dirk
--
Dirk Gottschalk
GPG: 4278 1FCA 035A 9A63 4166 CE11 7544 0AD9 4996 F380
Keybase: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190710/de71c550/attachment.sig>
More information about the Gnupg-devel
mailing list