Garbled data in keyservers

Stefan Claas stefan.claas at
Sun Dec 9 20:03:09 CET 2018

On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote:
> On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users
> wrote:
> > On December 9, 2018 7:54:01 AM EST, Stefan Claas
> > <stefan.claas at> wrote::  
> > >
> > >Get a sig from a CA and then upload your key via email.
> > >    
> > That's a bit steep, and was never the original goal of PGP or GPG.  
> No, in 2018 i think it is not. CA's can be run by non-profit
> organizations like EFF etc., which i believe a lot of people trust.
> Then don't forget all the worldwide assurers from
> > If the goal is to eliminate the bulk of bad keys and junk from key
> > servers, an account creation with basic email verification for
> > adding or removing keys should suffice.  
> I don't think so. Create an anon account at ProtonMail via Tor for
> example and then do "funny stuff" with those keys.

My proposal could be run also in parallel. I think it would be
only a weekend job for a programmer to modify the server code,
so that it accepts only incoming and verified email and not web
or GnuPG via Tor submissions.

People can then still use the old key servers (until they may become
obsolete...) or use keybase.

To bad that Werner's WKD is not widely adopted from email
service providers...



More information about the Gnupg-users mailing list