mailto with pgp fingerprint

Thomas Harning harningt at gmail.com
Fri Jul 25 16:12:58 CEST 2014


On Fri, 25 Jul 2014 14:44:54 +0100
MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi
> 
> 
> On Friday 25 July 2014 at 2:01:28 PM, in
> <mid:CACpWn9Tbm5KO1mQEE3OVFEhif1dV5U3n1PjF-K42jZSStYuR1g at mail.gmail.com>,
> Schlacta, Christ wrote:
> 
> 
> > On Jul 25, 2014 5:30 AM, "MFPA"
> > <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> >> If I recall correctly, PGP's keyserver "PGP Global
> >> Directory" sends an email to each email address in the
> >> uids when a key is submitted, and only lists those
> >> uids whose email address replies. It re-sends these
> >> verification emails every six months, and deletes keys
> >> if there is no reply. It also allows anybody with
> >> access to your email address to delete your key and
> >> upload a different one, according to Wikipedia [0].
> 
> > I just recently published a number of keys, and never
> > noticed any such emails.
> 
> 
> Did you publish them to the (stand-alone) "PGP Global Directory?"
> rather than to one of the keyservers that propagates the keys to each
> other?
> 
> It's possible the "PGP Global Directory" has changed it's processes,
> but any such change is not yet reflected in their FAQ page [0], which
> still says:-
> 
> "What new features are available with the PGP Global Directory?
> The PGP Global Directory uses next-generation keyserver technology; it
> sends verification messages to the email addresses on a submitted key
> and lets you manage your own key, including removing it--features not
> available on keyservers with older keyserver technology."
> 
> and:-
> 
> "Does the PGP Global Directory use any other methods for keeping
> itself free of unusable keys?
> Yes. The PGP Global Directory re-verifies keys every six months by
> sending a renewal email message to the email address on the key. If
> the key owner does not respond, the key will be removed from the
> directory. In order for the key to remain on the PGP Global Directory,
> the owner must approve the renewal request. This feature ensures the
> PGP Global Directory will always contain only current keys."
> 
> 
> [0] <https://keyserver.pgp.com/vkd/VKDHelpPGPCom.html>.
> 
> 
> - --
> Best regards
> 
> MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net
> 
> The cure for anything is salt water - sweat, tears, or the sea.
> -----BEGIN PGP SIGNATURE-----
> 
> iPQEAQEKAF4FAlPSX1xXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
> bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
> N0VDQTAzAAoJEKipC46tDG5pBioD/j0j6cGF9Half1AQsqrvJvyAZo78qkPygBsK
> USkWeGrc1cFWuuqb6tAWJ5EFX46ez/JWbodD106so0ltNLPLgcrkor+ZEDjquI7C
> iHtH33j7h0ZEoCbwdtodhr+9C7ejwh+DahhpSNuHZgHfl4iG8xH8WpmMaJTSLu/i
> th42v9JR
> =Zdfe
> -----END PGP SIGNATURE-----

While PGP Global Directory provides for some basic level of "this email address belongs to this key"... its key signing policy leads to "cruft" buildup.

Back in April 2011 I signed up for it and got a series of key signatures every few weeks until January 2012 when I got fed up with it. There are now 14 expired signatures 'stuck' on my key and published to the directories...


-- 
Thomas Harning <harningt at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: </pipermail/attachments/20140725/f5a91298/attachment.sig>


More information about the Gnupg-users mailing list