email verification as casual checking?

Nicolai Josuttis nico.josuttis at
Sat Aug 23 09:12:14 CEST 2014


if I try to use as enigmail key server
it neither accepts public keys I want to upload
nor gives responses to searches of emails I know they have.

Am I missing something or does this key server only
work on a manual copy&paste or upload/download base?

My question was about a real key server supporting
the usual key server protocol with the additional
features to
a) verify email addresses of keys
b) serves as element in the WoT so that
   I can use the server a trusted address,
   so that all keys signed by this server
   count as trusted (if I like)

Am 22.08.2014 20:03, Robert J. Hansen schrieb/wrote:
>> to deal with faked keys, some guys had the idea to use email
>> verification and let then certification servers take that as "casual
>> signing".
> I think the first people to do this were at PGP Security (pre-PGP
> Corporation; this was when PGP Security was owned by Network
> Associates).  The PGP Global Directory worked basically this way.
>> The big disadvantage beside some details (such as registering 
>> additional email addresses) is probably that PGP signatures usually
>> sign the owner, not his/her email address, if I understood it
>> correctly.
> Not necessarily so.  The RFCs define syntax for signatures, but not
> semantics.  The semantics are left up to each individual user to determine.
>> What do you think about this idea? Was it ever discussed?
> Not only was it discussed, it was implemented and ran for years.  The
> Global Directory may still be running, for all I know.
> However, the Global Directory didn't really solve any of PGP's usability
> problems.  Was it worth doing?  Yes.  Did it live up to the hopes people
> had for it?  Not really.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

Nicolai M. Josuttis
PGP Fingerprint: EA25 EF48 BF20 01E4 1FAB 0C1C DEF9 FC80 8A1C 44D0

More information about the Gnupg-users mailing list