German ct magazine postulates death of pgp encryption

Christoph Anton Mitterer calestyo at
Tue Mar 3 16:48:31 CET 2015

On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote:
> The PGP keyservers need email validation
No, it's pretty useless from a security POV and they don't need it.

> not as a way to provide any kind of "trusted" status of that key, but
> rather to enable people to delete keys that should no longer be there,
> and to prevent keyserver spam and vandalism.
Unfortunately it seems that you miss(understand) some of the basic
paradigms of security here:
Actually the opposite is the case - removing keys from the keyservers
(even if they're allegedly spam) would be a big security compromise of
the whole system, as potentially important information (revocation
certs, valid keys, etc.) would be removed as well.

And who should in the end decide which key respectively which identity
is valid?
For there may be many Richard Stallmans, and even if such a famous person
uses an address like stallman at, he could later give it up and
someone else takes it (or vice-versa).
If such keys would then be considered spam,... then good night.

> Another common scenario is that people make mistakes when learning how
> to use PGP.  There is a common mistake of generating a key to play
> with, publishing to the keyserver, then deleting.
While that's unfortunate... it's part of the game and as long as you
aren't a keyserver operator/developer this shouldn't cause you any
concern - unless of course you use the keyservers to authenticate (i.e.
only one Richard Stallman -> that must be him) ... but then you're
doomed anyway and no one will, should or could help you.

> That is terrible both security-wise because
Actually the contrary as laid out above.

For those reasons the keyservers used to generally refuse removal of keys
for years, and exceptions were only made on selective servers and then
only to obey some stupid laws which actually degrade security here.