mailto with pgp fingerprint
harningt at gmail.com
Fri Jul 25 16:12:58 CEST 2014
On Fri, 25 Jul 2014 14:44:54 +0100
MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> On Friday 25 July 2014 at 2:01:28 PM, in
> <mid:CACpWn9Tbm5KO1mQEE3OVFEhif1dV5U3n1PjF-K42jZSStYuR1g at mail.gmail.com>,
> Schlacta, Christ wrote:
> > On Jul 25, 2014 5:30 AM, "MFPA"
> > <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> >> If I recall correctly, PGP's keyserver "PGP Global
> >> Directory" sends an email to each email address in the
> >> uids when a key is submitted, and only lists those
> >> uids whose email address replies. It re-sends these
> >> verification emails every six months, and deletes keys
> >> if there is no reply. It also allows anybody with
> >> access to your email address to delete your key and
> >> upload a different one, according to Wikipedia .
> > I just recently published a number of keys, and never
> > noticed any such emails.
> Did you publish them to the (stand-alone) "PGP Global Directory?"
> rather than to one of the keyservers that propagates the keys to each
> It's possible the "PGP Global Directory" has changed it's processes,
> but any such change is not yet reflected in their FAQ page , which
> still says:-
> "What new features are available with the PGP Global Directory?
> The PGP Global Directory uses next-generation keyserver technology; it
> sends verification messages to the email addresses on a submitted key
> and lets you manage your own key, including removing it--features not
> available on keyservers with older keyserver technology."
> "Does the PGP Global Directory use any other methods for keeping
> itself free of unusable keys?
> Yes. The PGP Global Directory re-verifies keys every six months by
> sending a renewal email message to the email address on the key. If
> the key owner does not respond, the key will be removed from the
> directory. In order for the key to remain on the PGP Global Directory,
> the owner must approve the renewal request. This feature ensures the
> PGP Global Directory will always contain only current keys."
>  <https://keyserver.pgp.com/vkd/VKDHelpPGPCom.html>.
> - --
> Best regards
> MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
> The cure for anything is salt water - sweat, tears, or the sea.
> -----BEGIN PGP SIGNATURE-----
> -----END PGP SIGNATURE-----
While PGP Global Directory provides for some basic level of "this email address belongs to this key"... its key signing policy leads to "cruft" buildup.
Back in April 2011 I signed up for it and got a series of key signatures every few weeks until January 2012 when I got fed up with it. There are now 14 expired signatures 'stuck' on my key and published to the directories...
Thomas Harning <harningt at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 473 bytes
Desc: not available
More information about the Gnupg-users