Key Discovery Made Simple
John Hein
3pfwunbu7j at snkmail.com
Tue Aug 30 18:04:38 CEST 2016
Werner Koch wrote at 16:39 +0200 on Aug 30, 2016:
> Hi,
>
> I just published a writeup on how to setup the Web Key Service at
> https://gnupg.org/blog/20160830-web-key-service.html
>
> A plain text copy is below. If you have comments, please send them as
> reply.
Nice writeup.
Maybe add some _brief_ words about trust. We understand how
keyservers can provide an "invalid" key. This is a tad bit more
elaborate, but could still be abused.
The thing about trust for the laymen is that it'd be nice if there was
a short not overly technical presentation about how various methods
can be compromised and how to be reasonably sure about safety. So
that the user can decide about when and how they might want to do
additional vetting.
Someone could set up an https://wernerkoch.info with a bogus key, send
out an email impersonating Werner and pointing to that web service,
right?
More information about the Gnupg-users
mailing list