mailto with pgp fingerprint
Sam Gleske
sam.mxracer at gmail.com
Thu Jul 24 02:14:18 CEST 2014
I'm hoping keybase.io will hopefully resolve the issue of identity checking
with key fingerprints.
For example, my keybase account is... https://keybase.io/samrocketman
My friends who regularly interact with me on github (and more rarely
twitter) as well as the domain(s) I own will help to give my recipients the
benefit of the doubt that my key is what I say it is when they only see it
in an email.
On Tue, Jul 22, 2014 at 10:27 AM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said:
> > More and more we seem to have the problem of faked keys in the key
> > servers. This especially applies to "well known" keys such as
> > authors of magazines and famous tools.
>
> This is actually the problem of checking the validity of the key.
> Granted, gpg is not smart enough to figure out the best matching key but
> that is something which can be fixed.
>
> A more simple way of tackling this is to use PKA or DANE for key
> validation: For sending mail you already need DNS and thus it would be
> easy to retrieve the matching key from the DNS. The drawback is that
> this must be configured by the key owner and can't be changed by the
> sender.
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
GPG FINGERPRINT 4096 KEY
8D8B F0E2 42D8 A068 572E
BF3C E8F7 3234 7257 E65F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140723/f053abff/attachment.html>
More information about the Gnupg-users
mailing list