mailto with pgp fingerprint

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Fri Jul 25 14:26:35 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 23 July 2014 at 9:02:23 PM, in
<mid:109D2E39-C8DC-4CBC-A404-A5BD1B1309AD at gpgtools.org>, steve wrote:


> Wouldn’t it be a nice solution, if key server software
> had a mechanism for users to verify their UserID by
> sending a mail to the mail address in question.

If I recall correctly, PGP's keyserver "PGP Global Directory" sends an
email to each email address in the uids when a key is submitted, and
only lists those uids whose email address replies. It re-sends these
verification emails every six months, and deletes keys if there is no
reply. It also allows anybody with access to your email address to
delete your key and upload a different one, according to Wikipedia
[0].

[0] <https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Problems_with_keyservers>

- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Yellow snow is not lemon flavoured
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlPSTQtXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p/rMD/2jee+I7sU1i7Dj7dD1U1NXfxfeXADVVpoSg
O+cdMw4rhJLUbYg4c6GIvnvN6EeqvV5I85QMEvwpgimvY910Md2/KViqb6S215wY
WbtwAmVLyRdrB3pa8+03iTbGpaqlP6hjULDo8qEP0t63PLXHXujPqjoMmkg1/JHk
CXLcHH/4
=+CbD
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list