encrypted public keys Was: Re: Bug in getkey.c:2219:merge_selfsigs

Werner Koch wk at gnupg.org
Tue Nov 14 19:18:18 CET 2006

On Fri, 10 Nov 2006 21:33, yaverot at nerdshack.com said:

> curious why encrypting signed keys back to their owner is a bad habit.
> It verifies the other half of the ID on the key (the email address), it
> verifies that that person (still) has the secret key and passphrase.

Why do you want this.  It might chabnge the next minute.

The main reason why sending a key back in an encrypted mail is that at
that time the key as already be signed and thus there exists a public
knowledge that about this signature.  Whether the signer uploaded the
key or not doesn't matter.  He has gone into great lengths to make
sure that he signed the correct key and any further checks are thus
not needed.

What do you do with keys which don't carry an encryption key? 

It is a policy decision whether to use an email challenge-response
*before* signing a key.  There is no reason to protect the public key
after signing - it is public.

Well, this holds valid for keys which are anyway public.  For the few
people who don't send their keys to a keyserver, it might make sense
to send it encrypted.

> Only if the owner puts his/her key on a keyserver, or someone
> disrespects his right to not have his key there.  I can think of a few

Checking my keyring shows that I did 873 signatures using my current
key.  I am sure that not more than a few dozen people send me their
key by mail or passed it using a floppy.  Almost always I retrieved
the key to sign from a keyserver and thus all this hiding of keys does
not make sense.

Further there is the problem that when attending a signing party a
small percentage of the attendees will accidently send the keys to a
keyserver and thus publish it.  You can't aboid that.  Well, you can
but then you should not go to a signing party or use the key to sign
anything which you can't be sure that it will stay within your closed

> Personally, while I don't like the aspects of social mapping, once I

Well, it just says that you and the other persons met some time before
the signature has been done.  You may delay the signing and batch them
up to make it harder to map the signing to a specific event.



More information about the Gnupg-users mailing list