German ct magazine postulates death of pgp encryption

Patrick Brunschwig patrick at enigmail.net
Sun Mar 1 15:41:33 CET 2015


On 27.02.15 20:56, Werner Koch wrote:
> On Fri, 27 Feb 2015 17:26, patrick at enigmail.net said:
> 
>> that anyone can upload _every_ key to a keyserver is an issue. If
>> keyservers would do some sort of verification (e.g. confirmation
>> of the email addresses) then this would lead to much more
>> reliable data.
> 
> We have such a system. It is called S/MIME.
> 
> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
> arbitrary mail address?  The only working solution to get such a
> key is by sending a mail and asking for the key.  You can do the
> very same with PGP of course.  Keyservers along with visiting cards
> are much nicer.
> 
> So, why is there no public service to distribute X.509 keys?
> Because nobody wants to be legally responsible for such a key
> unless you push a stack of money over the table for a qualified
> signature certificate.

I would not go so far as to try to guarantee the identity of a key.
But I think if a keyserver could do some basic verification of keys,
it would make OpenPGP a lot easier to use for email.

The idea I have in mind is roughly as follows: if you upload a key to
a keyserver, the keyserver would send an encrypted email to every UID
in the key. Each encrypted mail contains a unique link to confirm the
email address. Once all email addresses are confirmed, the key is
validated and the keyserver will allow access to it just like with any
regular keyserver.

This way, we have a simple verification of the access to the private
key, as well as access to the email addresses contained in the UIDs,
by quite simple means. I would say this is about as reliable as
sending an email to someone requesting their key.

-Patrick
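The upload-then-confirm keyserver flow proposed above, as an added example that is not code from this post or from GnuPG/Enigmail. The class and method names and the token expiry are assumptions, and the "encrypted email to every UID" step is modelled simply as the tokens that would be encrypted to the key and mailed; the point shown is that a key is never searchable until every UID's token has been redeemed, and that tokens are single-use.

```python
import secrets
import time


class VerifyingKeyserver:
    """Toy model of the proposal: upload issues one random token per UID
    (to be mailed, encrypted to the key, to that UID's address) and the
    key is published only when every token has been redeemed.
    Assumed detail: tokens expire after a TTL (default one day)."""

    def __init__(self, token_ttl_seconds=24 * 3600):
        self.token_ttl = token_ttl_seconds
        self.pending = {}    # fingerprint -> {"uids": {uid: confirmed}, "issued": ts}
        self.tokens = {}     # token -> (fingerprint, uid); removed on first use
        self.published = {}  # fingerprint -> [uids]; only these answer lookups

    def upload(self, fingerprint, uids, now=None):
        """Register a key without publishing it; return the per-UID challenges."""
        now = time.time() if now is None else now
        if fingerprint in self.published:
            raise ValueError("key already published")
        self.pending[fingerprint] = {"uids": {u: False for u in uids}, "issued": now}
        challenges = {}
        for uid in uids:
            token = secrets.token_urlsafe(32)  # unguessable, unique per UID
            self.tokens[token] = (fingerprint, uid)
            challenges[uid] = token
        return challenges  # in the proposal: encrypted to the key, mailed per UID

    def confirm(self, token, now=None):
        """Redeem a token; returns 'unknown', 'expired', 'pending' or 'published'."""
        now = time.time() if now is None else now
        entry = self.tokens.pop(token, None)  # single use: reuse looks like unknown
        if entry is None:
            return "unknown"
        fingerprint, uid = entry
        record = self.pending.get(fingerprint)
        if record is None or now - record["issued"] > self.token_ttl:
            return "expired"
        record["uids"][uid] = True
        if not all(record["uids"].values()):
            return "pending"  # some UID on the key is still unconfirmed
        self.published[fingerprint] = list(record["uids"])
        del self.pending[fingerprint]
        return "published"

    def lookup(self, uid):
        """Fingerprints for a UID; unconfirmed uploads are never returned."""
        return [fp for fp, uids in self.published.items() if uid in uids]
```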
