OpenPGP key verification + legal framework
Dirk Gottschalk
dirk.gottschalk1980 at googlemail.com
Tue Nov 6 19:33:06 CET 2018
Hi.
Am Montag, den 05.11.2018, 21:47 +0200 schrieb Viktor:
>
> And we actually not sign keys. From two reasons:
> a. If you automatically trust the signing key, compromising the
> signing key breaks the entire system. b. In many countries,
> generating or signing cryptographic keys requires a license. We
> create a system that should work the same way and legally
> in all countries. And we do not sign key certificates. We only attach
> to them information about the owner of the key, which the user
> manually checks before adding this certificate to his list of
> trusted certificates.
In the EU the use of "qualified" signature is mandatory if it comes to
legal issues. Between private companies it is okay to just use OpenPGP,
but, if it comes to legal issues, one party could deny the validity of
the signature because it is not accepted as a legal signature format,
at least in Germany.
We have the "qualified signature problem" here. In my Opinion a bad
solution, but, the EU is known to make more Bullsh*t as reasonable
things.
Regards,
Dirk
--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany
GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181106/38a673d9/attachment.sig>
More information about the Gnupg-users
mailing list