Garbled data in keyservers
dirk.gottschalk1980 at googlemail.com
Sun Dec 9 20:39:07 CET 2018
Am Sonntag, den 09.12.2018, 19:38 +0100 schrieb Stefan Claas:
> On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users
> > On December 9, 2018 7:54:01 AM EST, Stefan Claas
> > <stefan.claas at posteo.de> wrote::
> > > Get a sig from a CA and then upload your key via email.
> > >
> > That's a bit steep, and was never the original goal of PGP or GPG.
> No, in 2018 i think it is not. CA's can be run by non-profit
> organizations like EFF etc., which i believe a lot of people trust.
> Then don't forget all the worldwide assurers from CAcert.org.
> > If the goal is to eliminate the bulk of bad keys and junk from key
> > servers, an account creation with basic email verification for
> > adding or removing keys should suffice.
> I don't think so. Create an anon account at ProtonMail via Tor for
> example and then do "funny stuff" with those keys.
There is always a way to abuse things. And a plausibility check on UIDs
would remove the possibility for abusive data encoding in these. I
think that would be a starting point.
52064 Aachen, Germany
GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part
More information about the Gnupg-users