mailto with pgp fingerprint

Werner Koch wk at gnupg.org
Tue Jul 22 16:27:38 CEST 2014


On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said:
> More and more we seem to have the problem of faked keys in the key
> servers. This especially applies to "well known" keys such as
> authors of magazines and famous tools.

This is actually the problem of checking the validity of the key.
Granted, gpg is not smart enough to figure out the best matching key but
that is something which can be fixed.

A more simple way of tackling this is to use PKA or DANE for key
validation: For sending mail you already need DNS and thus it would be
easy to retrieve the matching key from the DNS.  The drawback is that
this must be configured by the key owner and can't be changed by the
sender.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
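
Added example, not part of the message above and not GnuPG code: a sketch of how a sender could use a DNS-published fingerprint to pick the genuine key among several keyserver hits for one address. It assumes the original PKA TXT layout (`v=pka1;fpr=...;uri=...` at `<local-part>._pka.<domain>`) and, for DANE, the OPENPGPKEY owner name from RFC 7929, which was published after this mail; all function names, addresses and fingerprints are constructed for illustration.

```python
import hashlib
import re

def pka_owner_name(addr):
    """Name of the PKA TXT record: <local-part>._pka.<domain>."""
    local, domain = addr.rsplit("@", 1)
    return f"{local}._pka.{domain}"

def dane_owner_name(addr):
    """OPENPGPKEY owner name (RFC 7929): SHA-256 of local-part, first 28 octets, hex."""
    local, domain = addr.rsplit("@", 1)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain}"

def normalize_fpr(fpr):
    """Strip spaces, upper-case, and require a 40-hex-digit (v4) fingerprint."""
    fpr = fpr.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("malformed fingerprint")
    return fpr

def parse_pka_txt(txt):
    """Parse 'v=pka1;fpr=...;uri=...'; anything else is rejected."""
    fields = dict(p.split("=", 1) for p in txt.strip().split(";") if "=" in p)
    if fields.get("v") != "pka1" or "fpr" not in fields:
        raise ValueError("not a v=pka1 record")
    fields["fpr"] = normalize_fpr(fields["fpr"])
    return fields

def select_key(candidates, pka_txt):
    """Return the one candidate whose fingerprint the key owner published in DNS."""
    wanted = parse_pka_txt(pka_txt)["fpr"]
    hits = [k for k in candidates if normalize_fpr(k["fpr"]) == wanted]
    return hits[0] if len(hits) == 1 else None

# Constructed sample data: two keyserver hits for the same user ID, one of them fake.
CANDIDATES = [
    {"uid": "Alice <alice@example.org>",
     "fpr": "FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98"},
    {"uid": "Alice <alice@example.org>",
     "fpr": "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"},
]
PKA_TXT = ("v=pka1;fpr=0123456789ABCDEF0123456789ABCDEF01234567;"
           "uri=https://example.org/alice.asc")

if __name__ == "__main__":
    print(pka_owner_name("alice@example.org"), dane_owner_name("alice@example.org"))
    print(select_key(CANDIDATES, PKA_TXT))
```

Unless the zone is DNSSEC-signed and the resolver validates it, the DNS answer is no more trustworthy than the keyserver result.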



