OpenPGP key verification + legal framework
ageyev at gmail.com
Mon Nov 5 20:47:28 CET 2018
On 05/11/2018 21:12, Juergen Bruckner wrote:
> If I want an "independent" ID verification on my GPG key, I can also use
> CAcert. There the signing of GPG keys is offered for a long time.
Signing is easy. The difficult part is 1) to create a system in which
you can prove that the key really belongs to the user specified in the
userID, and 2) to make contracts signed by a verified key legally recognizable.
We are working on 1) and 2).
For 1) I mean the case when a user has signed a document or contract, and
after that this user claims that the signature was not made by his key.
In such a case, I think signing keys at a 'key signing party' is not
reliable. There must be a known key verification procedure, and a
permanent repository of information and documents that were used to
verify the key.
And we actually do not sign keys, for two reasons:
a. If you automatically trust the signing key, compromising the signing
key breaks the entire system.
b. In many countries, generating or signing cryptographic keys requires
a license. We create a system that should work the same way and legally
in all countries. And we do not sign key certificates. We only attach to
them information about the owner of the key, which the user manually
checks before adding this certificate to his list of trusted certificates.
> best regards
> Am 05.11.18 um 18:03 schrieb Damien Goutte-Gattat via Gnupg-users:
>> On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
>>> I just tried to register with a key which has several user IDs
>>> (e-mail addresses) and I always got the error that the user ID is not the
>>> same as in log-in/registered e-mail.
>> From what they say on the home page this is expected: your key is
>> supposed to have only one user ID whose email component must match
>> the email address of your Google account...
>> ... which, by the way, is a big "no" for me. :/
>>  https://cryptonomica.net/#!/
>>> To become member of Cryptonomica:
>>> Public PGP Key should have one user ID with first name, last
>>> name and user e-mail. E-mail in the key should be the same as in
>>> Google account, that you use to login to Cryptonomica server.
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org