Garbled data in keyservers

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Sun Dec 9 18:34:54 CET 2018 

Hello Justina

Am Sonntag, den 09.12.2018, 08:23 -0900 schrieb justina colmena via
Gnupg-users:
> On December 9, 2018 7:54:01 AM EST, Stefan Claas <
> stefan.claas at posteo.de> wrote::
> > Get a sig from a CA and then upload your key via email.
> > 
> That's a bit steep, and was never the original goal of PGP or GPG.

Correct.


> If the goal is to eliminate the bulk of bad keys and junk from key
> servers, an account creation with basic email verification for adding
> or removing keys should suffice.

That's something I thought about, too.


> Let's be honest: no one really wants an infrastructure of legally
> valid or enforceable GPG signatures, either. It's a technical
> verification that something is very unlikely to be altered if the
> signature is valid. Any particular overriding legal significance
> beyond that is unnecessary.

Legal significcance is one point and it's to complicated in many
countries.


> Don't overdo it, please. PGP key servers are not supposed to be
> "authoritative." They are a convenience to extend an informal web of
> trust. Let's resist that German urge toward authoritarianism and
> absolutism, shall we?

Yeah, RIGHT! As a German I say, this urge in Germany and even in Europe
is totally silly at all. They are making an A 380 out of a duck, so to
say. Or like we call it in germany: "eine Mücke zu einem Elefanten
machen".


> Bosses and bullies do not help with privacy, personal digital
> signatures, or cryptography for personal use. The CA stuff is mostly
> for business, not personal. The adversaries in that case are
> pickpockets and credit card skimmers, not major governments and
> political enemies.

Right, but, to be honest, in some cases a GPG signature should be even
enough to prove the origin in a legal way. Some countries accept this
already, but not in silly old europe. Okay, EU sucks, but that's
another topic.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181209/86719247/attachment.sig>

More information about the Gnupg-users mailing list