Remove public key from keyserver

Werner Koch wk at gnupg.org
Tue Jan 16 08:52:44 CET 2018


On Mon, 15 Jan 2018 20:21, stefan.claas at posteo.de said:

> O.k. Werner invented WKD which solves those problems, if I'm not
> mistaken, but is it besides keybase.io widely deployed?

Nope.  The Web Key Directory solves exactly one problem: How to
initially map a mail address to a key.  This directory is hosted by the
provider of the mail address because that is the only entity which
controls the mail address.  Once this mail address has been mapped,
keyservers can be used to get revocations and updates of the key.

Unfortunately it is not yet widely supported; you can help to make it
better known.

I wonder why you seem to suggest the US based keybase.io as a better
solution.  After all keybase.io is a service which connects private data
to private data of other sites and that all in the public.  I would
consider this a real privacy problem compared to a public mail address
on a keyserver with no other associated private data.

The mail address is a technical necessity to send mail; mapping the mail
address to a key is a technical necessity to send encrypted mail.  So
what keyservers do is to provide a directory of public keys - in the
same way as white pages of the phone systems.  Nobody requires you to
enter your phone number / public key into a directory.  But if you want
to receive phone calls / encrypted mails you need to somehow publish
this data.  You can't remove your name from white pages either - they
used to be printed in sometimes millions of copies.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.