German ct magazine postulates death of pgp encryption

gnupgpacker gnupgpacker at on.yourweb.de
Mon Mar 2 10:16:01 CET 2015


Hello,

> On Behalf Of Patrick Brunschwig
> Sent: Sunday, March 01, 2015 3:42 PM
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.
> This way, we have a simple verification of the access to the private
> the key, as well as access to the email addresses contained in the UID
> by quite a simple means. I would say this is about as reliable as
> sending an email to someone requesting their key.

+1 

This procedure should be implemented in keyservers. 

No CA needed, no centralisation necessary => just verifying of existing AND
proper working email addresses.

Additional:
There are lot of old keys on keyservers not being verified in described
manner.
Those keys (or the newer, verified ones) could be marked with a short hint
on keyservers to differ between verified and not verified email addresses.

Facility of deleting own (!) keys on keyserver wanted for old (revoked,
expired, test, failed...) keys. 

Regards, Chris






More information about the Gnupg-users mailing list