allow-non-selfsigned-uid issue with key from keys.openpgp.org that contains no identity information
tlikonen at iki.fi
Thu Aug 1 19:18:23 CEST 2019
Daniel Kahn Gillmor via Gnupg-users [2019-08-01T09:27:45-04] wrote:
> Here's one use case (i've got others if you want):
> * You have my OpenPGP certificate (with userid with e-mail address),
> but it is not published in full publicly because i do not want people
> to be able to find anything related to my e-mail address online.
> * It has an encryption-capable subkey "X" that expires in 1 year, which
> i use to be able to have deletable messages. I will destroy the
> secret component when X expires.
> * As the year draws to a close, i create a new subkey "Y" and i attach
> it to my OpenPGP certificate, and i push the updated certificate to
> an abuse-resistant keystore (like keys.openpgp.org), again declining
> to allow it to publish my e-mail address.
> * After the expiration of "X", you want to send me an encrypted mail
> (as is your habit when mailing me). You follow best practices and
> refresh your keyring (fetching certificate updates by primary key
> fingerprint) from a public, abuse-resistant keystore. Does your
> OpenPGP implementation learn about "Y" when it pulls in the update?
> It should.
To me this sounds like a very relevant use case and adds one more feature to
the general OpenPGP system. I hope future implementations also support
exporting and importing (merging) partial key block data.
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
/ https://keybase.io/tlikonen https://github.com/tlikonen
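The use case in the quoted message turns on one point: a certificate update fetched by primary key fingerprint can be merged even when it carries no user ID packets at all, because subkeys are bound to the primary key, not to a user ID. The following is an added example, not code from the thread or from GnuPG, that parses a minimal OpenPGP transferable public key (RFC 4880 new-format packet headers, v4 fingerprints) and lists the subkeys a UID-less update would contribute to a locally held copy. The certificates are constructed in the block from hash-derived "moduli" rather than real keys, and the binding self-signatures are deliberately left out of the sample; the skeleton therefore only matches by fingerprint and does not verify subkey binding signatures, which a real importer must do before trusting any subkey it merges.

```python
import hashlib
import struct
from dataclasses import dataclass, field

# RFC 4880 packet tags that make up a transferable public key
TAG_PUBLIC_KEY, TAG_USER_ID, TAG_PUBLIC_SUBKEY = 6, 13, 14


def encode_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in a new-format packet header (RFC 4880 section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def parse_packets(data: bytes):
    """Yield (tag, body) pairs from a stream of new-format packets."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if (ctb & 0xC0) != 0xC0:
            raise ValueError("only new-format packet headers are handled here")
        tag, i = ctb & 0x3F, i + 1
        first = data[i]
        if first < 192:
            n, i = first, i + 1
        elif first < 224:
            n, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        elif first == 255:
            n, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("partial body lengths are not handled here")
        yield tag, data[i:i + n]
        i += n


def v4_fingerprint(key_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet length, key packet body."""
    prefix = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(prefix + key_body).hexdigest().upper()


@dataclass
class CertSummary:
    fingerprint: str
    user_ids: list = field(default_factory=list)
    subkeys: list = field(default_factory=list)


def summarize(cert: bytes) -> CertSummary:
    """Primary fingerprint, user IDs and subkey fingerprints of a certificate."""
    packets = list(parse_packets(cert))
    if not packets or packets[0][0] != TAG_PUBLIC_KEY:
        raise ValueError("certificate must start with a primary public key packet")
    summary = CertSummary(v4_fingerprint(packets[0][1]))
    for tag, body in packets[1:]:
        if tag == TAG_USER_ID:
            summary.user_ids.append(body.decode("utf-8"))
        elif tag == TAG_PUBLIC_SUBKEY:
            summary.subkeys.append(v4_fingerprint(body))
    return summary


def new_subkeys(local_cert: bytes, update: bytes) -> list:
    """Subkey fingerprints present in the update but missing locally.

    Matching is by primary key fingerprint only, so an update without any
    user ID packets is still mergeable. Binding signatures are NOT verified
    here; a real importer must check them before trusting a subkey.
    """
    local, remote = summarize(local_cert), summarize(update)
    if local.fingerprint != remote.fingerprint:
        raise ValueError("update is for a different primary key")
    return [fpr for fpr in remote.subkeys if fpr not in local.subkeys]


# ---- constructed sample data (not real keys) ---------------------------------
def mpi(value: int) -> bytes:
    """Multi-precision integer: two-octet bit count followed by big-endian bytes."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def fake_v4_key_body(seed: bytes) -> bytes:
    """v4 RSA public key packet body whose 'modulus' is just a hash of the seed."""
    n = int.from_bytes(hashlib.sha256(seed).digest(), "big") | (1 << 255)
    return b"\x04" + struct.pack(">I", 1564680000) + b"\x01" + mpi(n) + mpi(65537)


PRIMARY = fake_v4_key_body(b"primary")
SUBKEY_X = fake_v4_key_body(b"subkey X")   # the expiring encryption subkey
SUBKEY_Y = fake_v4_key_body(b"subkey Y")   # its replacement

# What the recipient already holds: primary key, user ID, subkey X (self-signatures omitted).
LOCAL_CERT = (encode_packet(TAG_PUBLIC_KEY, PRIMARY)
              + encode_packet(TAG_USER_ID, b"Alice Example <alice@example.org>")
              + encode_packet(TAG_PUBLIC_SUBKEY, SUBKEY_X))

# What a keystore that withholds unverified user IDs hands back: no user ID packet at all.
UIDLESS_UPDATE = (encode_packet(TAG_PUBLIC_KEY, PRIMARY)
                  + encode_packet(TAG_PUBLIC_SUBKEY, SUBKEY_X)
                  + encode_packet(TAG_PUBLIC_SUBKEY, SUBKEY_Y))

if __name__ == "__main__":
    print("local certificate:", summarize(LOCAL_CERT))
    print("update has user IDs:", bool(summarize(UIDLESS_UPDATE).user_ids))
    print("subkeys learned from UID-less update:", new_subkeys(LOCAL_CERT, UIDLESS_UPDATE))
```

Run it directly to see that the update contributes subkey Y even though it carries no user ID; the user IDs already held locally are simply retained. An importer that refuses the whole update because it has no user ID (the behaviour the thread is about) never reaches the merge step, and the recipient keeps encrypting to the expired subkey X.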