Garbled data in keyservers

Stefan Claas stefan.claas at posteo.de
Sun Dec 9 20:03:09 CET 2018


On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote:
> On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users
> wrote:
> > On December 9, 2018 7:54:01 AM EST, Stefan Claas
> > <stefan.claas at posteo.de> wrote::  
> > >
> > >Get a sig from a CA and then upload your key via email.
> > >    
> > That's a bit steep, and was never the original goal of PGP or GPG.  
> 
> No, in 2018 i think it is not. CA's can be run by non-profit
> organizations like EFF etc., which i believe a lot of people trust.
> 
> Then don't forget all the worldwide assurers from CAcert.org.
> 
> > If the goal is to eliminate the bulk of bad keys and junk from key
> > servers, an account creation with basic email verification for
> > adding or removing keys should suffice.  
> 
> I don't think so. Create an anon account at ProtonMail via Tor for
> example and then do "funny stuff" with those keys.

My proposal could be run also in parallel. I think it would be
only a weekend job for a programmer to modify the server code,
so that it accepts only incoming and verified email and not web
or GnuPG via Tor submissions.

People can then still use the old key servers (until they may become
obsolete...) or use keybase.

To bad that Werner's WKD is not widely adopted from email
service providers...

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list