Making the case for smart cards for the average user

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Mar 17 02:05:16 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Tuesday 17 March 2015 at 12:55:51 AM, in
<mid:277590791.20150317005551 at my_localhost>, MFPA (me)  wrote:


> If a user has multiple email
> addresses, does the "automated email verification
> service" send a different encrypted verification link
> to each address, and then only sign the UIDs that the
> user verified? And is there the option to reply to
> email rather than click a link?

Thinking about it, you don't need the user to click a link or to reply
to an email at all. If you sign the UID and enclose the signed copy of
the key in an encrypted email to the address in the UID, they don't
get access to the certification unless they control both the email
address and the key.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Everyone makes mistakes. It is what you do afterwards that counts.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVB33MXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw5RQH+gOihN6EeyIkACvr8sBLNICN
LTYP2F9LROGTdHcK+uA/Gv5oGxC4xQA9Vk4PVVXA9dfnQsRuKHftooYQSUZj8sNu
PHMDcY0cC1TBUfTanINMcFnHh+ptx9tzeJCVgbrO9sAP3OqSNYyu2Fh45soiB/V5
N8zaHIhwTsDFZ9Yg1q+aTDdt6oCgOKTmAsT1CjYm4M2S2YMX8NldOYbCVNA+qlMC
Pe9TeTb3KO3kcg0+HDX6jzmUcX67frHv4KSSi3wjuhkTViAiuN3xzMhMrInZdVN2
P187LGFfIJ1ctJ+7IPLXfyAK9/zU1mk8VzL/ZIRtVfkaG518emx75qy+O/viwiiI
vgQBFgoAZgUCVQd9zF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45OQTAQBq3BANspJwPx9l7dBw7nuXLqj+
1tYWy788Xwrk2yR+fAEALMSrQ3tEjyx2iIbrgaumBIwj9hk9ZZF3n67GqmJVJQQ=
=IlbF
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list