German ct magazine postulates death of pgp encryption
Kristian Fiskerstrand
kristian.fiskerstrand at sumptuouscapital.com
Sun Mar 1 17:36:57 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 03/01/2015 05:31 PM, Marco Zehe wrote:
> Hi Patrick,
>
>> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig
>> <patrick at enigmail.net>:
>>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
> I like this idea very, very much! This is a confirmation that
> doesn’t hurt anybody, and it is something that insures on a basic
> level, that the key isn’t completely bogus.
>
> I have seen part of this in a different context in Mozilla’s
> Bugzilla, when one uploads one’s public key into the Bugzilla
> account to be able to receive security-sensitive messages. After
> submitting the form, Bugzilla sends an encrypted message to the
> account’s e-mail address, assuming the public key just uploaded
> belongs to that address. It doesn’t go as far as requiring
> verification via a link, but it definitely confirms if the key is
> working for the user.
Seriously? Please look at
https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
implementation, which opens up another can of worms (encrypts to {S,C}
key, not encryption key, dual usage of same key material for different
purposes... BAD)
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU80AlAAoJEP7VAChXwav6EtYH/2s7omGB617SiAYBuBD11izv
+7XErPLC0LMLAYTkxleHwZ2f+CDfL4Tf2g429i3XFYEeX2ysqJxq6vq4DVmbASe6
tEj8JpBRksUQB3FiIlnDrSBD2L8l4NgATeCVimUy8CJ19NoCixR6bVoZarFTKVus
93XS9GmD0wOBc2fWFqu3vnAqmHTaxi8UULtjqHGogEgaq9q2lLd13mbXP9MwX9zw
oqpmiwi86tEZ1KpUc6AHBeEqmbTk1iZJHS4oNOks0OqYmro56fMXkVX1S9zx1lan
fJdhS25d97MLl6yHSdQQGALGGdj+DNihcl77XvY5k8eUmURy13fXuqQf67mY/Us=
=gvNe
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list