protecting pub-keys from unwanted signatures

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Wed Aug 19 00:54:41 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Monday 17 August 2015 at 12:27:10 AM, in
<mid:55D11C4E.1010505 at unseen.is>, Administrador wrote:


> For me there is no trust in the fact that anyone can sign my key and put
> it on a keyserver, and because I do not know the person who did can not
> validate their signiture/identity.

For the time being, forget keys and think about people in the real
world. Do you know the name of everybody who knows your name? Do you
know the name of anybody who does not know your name?



> What trust does this offer the
> people who are real, trusted and known by me and whos keys have been
> validated by me and my key(s) by them?

None: if you know each other and have verified each other's keys, you
do not need a certification from anybody else. In that case all
signatures are just "noise".

What about somebody who has not verified your key, but has verified
one or more of the keys that have signed your key? They can use the
presence of those signatures as a factor in deciding whether to trust
your key. In that case, signatures from keys that person has verified
are useful _to_that_person_ but any other signatures are "noise"
_to_that_person_. The signatures that have been found useful in this
case won't necessarily be signatures from keys that you have verified,
but their presence may have enabled somebody to decide to trust your
key.



> Give the owner the authority of his own public key and
> this issue would fixed.  For example: Only the owner of
> the public key has the right to put/remove/modify his
> own public key on a keyserver.

If such a server were implemented, anybody wanting to add a signature
without the key-owner's sanction could fetch the key, sign it, and
upload it to an ordinary server.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Free advice costs nothing until you act upon it
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJV07e6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwJsIH/AiGwS+qXe1y80Kk6poG+gKT
lPIFaBOnZGQC382vj5j90SdBo6mwcZai7BOQpHQ8l0aPn1VnhDPUUO6mWALybRlc
mRay5C1CUvVHSLTGzQXN8rR4PGDNUABPdYPp68L03tvo5sN3CgTJ/I+qdEVhDUFi
1vBJJClJBFFEcPoda+1svamJEOkQ7NQHCLOlnrnFW52ATLq5eHumnLJSSVx9Hbpv
3fqv3H7I5Qoe7N2rvehPW0fcj8JubbVKbPqMN6vnhTMWcbpUeX8SvFbMfrhIh0u0
pr8fUsOVX27BZfzFzPQk6Y14ZStWYDxVx+eDy3OEdcJ+ORBTY4OM4xC8xrzUV8CI
vgQBFgoAZgUCVdO34l8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45DT5AQC4d6i6z/NskkymgzVc1/vxnyiL
RVT7hOVcqtkCfmeetgD+JZ0rptgB3ZmTe55AObv+6mtRZF3dLoNraUJPotw2CQo=
=nWsm
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list