Remove public key from keyserver

Stefan Claas stefan.claas at posteo.de
Wed Jan 17 16:20:52 CET 2018


On Wed, 17 Jan 2018 09:42:07 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 20:37, stefan.claas at posteo.de said:
> 
> > users who uploaded their public keys on key servers would not
> > reveal that they know each other as shown with their signatures,
> > which the classical WoT somehow requires, instead of using local
> > sigs.   
> 
> I do not know most of the people whose key I signed in the last 25
> years. For a long time I had the policy to sign keys only after having
> seen an identity card in real life.  That policy was my own - others
> may have different policies.  I have also noticed quite some
> signatures on my key from people I definitely never had met (even
> before the fun signature thing started).

Thanks for pointing this out. When looking in the past on sigs, via
WWW key servers I always had the impression that people do a lot
of "fan" signing, thus making the classical WoT somewhat untrustworthy
to me, because those fans have never met you or others in person.

Should we ever see a new key server model, replacing the current one,
and only owners can upload their keys I think this would help to
eliminate those fan sigs too, which IMHO have no weight, unless of
course the owner of that key with fan sigs would also verify and sign
those signers.

> Thus the conclusion that a key signature indicates that the owners of
> those keys know each other is not correct.  Modulo some definition of
> "know".

Maybe a sig4 = family, long time friends which does not involve
verification of ID card documents. ... :-)

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas


