Garbled data in keyservers

Dirk Gottschalk dirk.gottschalk1980 at
Sun Dec 9 20:39:07 CET 2018

Hello Stefan.

Am Sonntag, den 09.12.2018, 19:38 +0100 schrieb Stefan Claas:
> On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users
> wrote:
> > On December 9, 2018 7:54:01 AM EST, Stefan Claas
> > <stefan.claas at> wrote::
> > > Get a sig from a CA and then upload your key via email.
> > >  
> > That's a bit steep, and was never the original goal of PGP or GPG.

> No, in 2018 i think it is not. CA's can be run by non-profit
> organizations like EFF etc., which i believe a lot of people trust.

> Then don't forget all the worldwide assurers from

> > If the goal is to eliminate the bulk of bad keys and junk from key
> > servers, an account creation with basic email verification for
> > adding or removing keys should suffice.

> I don't think so. Create an anon account at ProtonMail via Tor for
> example and then do "funny stuff" with those keys.

There is always a way to abuse things. And a plausibility check on UIDs
would remove the possibility for abusive data encoding in these. I
think that would be a starting point.


Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Gnupg-users mailing list