Garbled data in keyservers

justina colmena
Sun Dec 9 18:23:03 CET 2018

On December 9, 2018 7:54:01 AM EST, Stefan Claas wrote:
>Get a sig from a CA and then upload your key via email.

That's a bit steep, and was never the original goal of PGP or GPG.

If the goal is to eliminate the bulk of bad keys and junk from key servers, an account creation with basic email verification for adding or removing keys should suffice.

Let's be honest: no one really wants an infrastructure of legally valid or enforceable GPG signatures, either. It's a technical verification that something is very unlikely to be altered if the signature is valid. Any particular overriding legal significance beyond that is unnecessary.

Don't overdo it, please. PGP key servers are not supposed to be "authoritative." They are a convenience to extend an informal web of trust. Let's resist that German urge toward authoritarianism and absolutism, shall we?

Bosses and bullies do not help with privacy, personal digital signatures, or cryptography for personal use. The CA stuff is mostly for business, not personal. The adversaries in that case are pickpockets and credit card skimmers, not major governments and political enemies.

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

