OpenPGP key verification + legal framework

Viktor ageyev at gmail.com
Mon Nov 5 20:47:28 CET 2018 


On 05/11/2018 21:12, Juergen Bruckner wrote:
> If I want an "independent" ID verification on my GPG key, I can also use
> CAcert. There the signing of GPG keys is offered for a long time.

Signing is easy. The difficult part is 1) to create a system in which 
you can prove that the key really belongs to the user specified in the 
userID 2) to make contracts singed by verified key legally recognizable 
and enforceable.
We are working on 1) and 2)

For 1) I mean the case when users has signed a document or contract, and 
after that this user claims that the signature was not made by his key.
In such case, I think signing keys on 'key signing party' is not 
reliable. There must be a known key verification procedure, and a 
permanent repository of information and documents that were used to 
verify the key.

And we actually not sign keys. From two reasons:
a. If you automatically trust the signing key, compromising the signing 
key breaks the entire system.
b. In many countries, generating or signing cryptographic keys requires 
a license. We create a system that should work the same way and legally 
in all countries. And we do not sign key certificates. We only attach to 
them information about the owner of the key, which the user manually 
checks before adding this certificate to his list of trusted certificates.

Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net


> 
> best regards
> Juergen
> 
> Am 05.11.18 um 18:03 schrieb Damien Goutte-Gattat via Gnupg-users:
>> Hi,
>>
>> On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
>>> I just tried to register with a key who has several user-ID's
>>> (e-mail-adresses) and I always got the error that the user-ID is not the
>>> same as in log-in/registered e-mail.
>>
>>  From what they say on the home page [1] this is expected: your key is
>> supposed to have only one user ID whose email component must match
>> the email address of your Google account...
>>
>> ... which, by the way, is a big "no" for me. :/
>>
>>
>> Damien
>>
>>
>> [1] https://cryptonomica.net/#!/
>>
>>> To become member of Cryptonomica:
>>> [...]
>>> Public PGP Key should have one user ID with first name, last
>>> name and user e-mail. E-mail in the key should be the same as in
>>> Google account, that you use to login to Cryptonomica server.
>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

More information about the Gnupg-users mailing list