German ct magazine postulates death of pgp encryption

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Sun Mar 1 17:36:57 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/01/2015 05:31 PM, Marco Zehe wrote:
> Hi Patrick,
> 
>> On 01.03.2015 at 15:41, Patrick Brunschwig
>> <patrick at enigmail.net> wrote:
>> 
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
> 
> I like this idea very, very much! This is a confirmation that
> doesn’t hurt anybody, and it is something that ensures on a basic
> level, that the key isn’t completely bogus.
> 
> I have seen part of this in a different context in Mozilla’s 
> Bugzilla, when one uploads one’s public key into the Bugzilla
> account to be able to receive security-sensitive messages. After
> submitting the form, Bugzilla sends an encrypted message to the
> account’s e-mail address, assuming the public key just uploaded
> belongs to that address. It doesn’t go as far as requiring
> verification via a link, but it definitely confirms if the key is
> working for the user.

Seriously? Please look at
https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
implementation, which opens up another can of worms (encrypts to {S,C}
key, not encryption key, dual usage of same key material for different
purposes... BAD)

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
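The {S,C} point in the reply above, as an added example (not part of the original message and not Bugzilla's code): a recipient-key check that reads the usage flags from `gpg --with-colons` output and only encrypts to a key carrying the encrypt flag. The two keyblocks and their key IDs are constructed samples, and the function names are hypothetical.

```python
# Constructed `gpg --with-colons --list-keys` output; key IDs are made up.
WITH_SUBKEYS = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1420070400:::-:::scESC:
uid:-::::1420070400::::Alice Example <alice@example.org>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1420070400::::::e:
sub:r:4096:1:CCCCCCCCCCCCCCCC:1400000000::::::e:
"""
SIGN_CERTIFY_ONLY = """\
pub:-:4096:1:DDDDDDDDDDDDDDDD:1420070400:::-:::scSC:
uid:-::::1420070400::::Bob Example <bob@example.org>:
"""

UNUSABLE = set("ired")  # validity field: invalid, revoked, expired, disabled


def parse_keys(colons):
    """Yield (keyid, validity, own_caps) for every pub/sub record."""
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12:
            # Field 12 holds usage flags. Lowercase letters belong to this
            # key itself; uppercase on a pub record summarise the keyblock.
            yield f[4], f[1], {c for c in f[11] if c.islower()}


def encryption_targets(colons):
    """Key IDs that carry the encrypt flag and are still usable."""
    return [kid for kid, validity, caps in parse_keys(colons)
            if "e" in caps and validity not in UNUSABLE]


def pick_recipient_key(colons):
    """Return an encryption key ID, never falling back to an S/C key."""
    targets = encryption_targets(colons)
    if not targets:
        raise ValueError("no usable encryption-capable key in keyblock")
    return targets[0]  # assumption: first usable one is good enough here


if __name__ == "__main__":
    print(pick_recipient_key(WITH_SUBKEYS))
    try:
        pick_recipient_key(SIGN_CERTIFY_ONLY)
    except ValueError as exc:
        print("refused:", exc)
```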


