German ct magazine postulates death of pgp encryption

Marco Zehe marcozehe-ml at mailbox.org
Sun Mar 1 17:31:23 CET 2015


Hi Patrick,

> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig <patrick at enigmail.net>:
> 
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.

I like this idea very, very much! This is a confirmation that doesn’t hurt anybody, and it is something that insures on a basic level, that the key isn’t completely bogus.

I have seen part of this in a different context in Mozilla’s Bugzilla, when one uploads one’s public key into the Bugzilla account to be able to receive security-sensitive messages. After submitting the form, Bugzilla sends an encrypted message to the account’s e-mail address, assuming the public key just uploaded belongs to that address. It doesn’t go as far as requiring verification via a link, but it definitely confirms if the key is working for the user.

Marco

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150301/106055d1/attachment.sig>


More information about the Gnupg-users mailing list