email verification as casual checking?
nico.josuttis at t-online.de
Sat Aug 23 09:12:14 CEST 2014
if I try to use keyserver.pgp.com as enigmail key server
it neither accepts public keys I want to upload
nor gives responses to searches of emails I know they have.
Am I missing something or does this key server only
work on a manual copy&paste or upload/download base?
My question was about a real key server supporting
the usual key server protocol with the additional
a) verify email addresses of keys
b) serves as element in the WoT so that
I can use the server a trusted address,
so that all keys signed by this server
count as trusted (if I like)
Am 22.08.2014 20:03, Robert J. Hansen schrieb/wrote:
>> to deal with faked keys, some guys had the idea to use email
>> verification and let then certification servers take that as "casual
> I think the first people to do this were at PGP Security (pre-PGP
> Corporation; this was when PGP Security was owned by Network
> Associates). The PGP Global Directory worked basically this way.
>> The big disadvantage beside some details (such as registering
>> additional email addresses) is probably that PGP signatures usually
>> sign the owner, not his/her email address, if I understood it
> Not necessarily so. The RFCs define syntax for signatures, but not
> semantics. The semantics are left up to each individual user to determine.
>> What do you think about this idea? Was it ever discussed?
> Not only was it discussed, it was implemented and ran for years. The
> Global Directory may still be running, for all I know.
> However, the Global Directory didn't really solve any of PGP's usability
> problems. Was it worth doing? Yes. Did it live up to the hopes people
> had for it? Not really.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
Nicolai M. Josuttis
PGP Fingerprint: EA25 EF48 BF20 01E4 1FAB 0C1C DEF9 FC80 8A1C 44D0
More information about the Gnupg-users