allow-non-selfsigned-uid issue with key from keys.openpgp.org that contains no identity information

Playfair playfair at riseup.net
Fri Aug 2 13:50:15 CEST 2019


On 8/1/19 4:13 PM, David wrote:
> Playfair via Gnupg-users:
>> If keys.openpgp.org won't publish a user ID other than a verified email
>> address, is its only recourse to remove the user ID?  Could it instead
>> substitute the hex key ID, fingerprint or a dummy string like "User ID
>> not verified"?  If it can't, is there any benefit in publishing a
>> mutilated key people can't use?  Just reject it.
> 
> Why upload a key to a keyserver with no email address? What's the point
> of doing that?

The point of doing that is to permit people who obtain my key through
other channels, say directly from me, to periodically refresh it.  When
I revoke my key or change the expiration date, the fact will be
communicated to holders of my public key, at least to those who refresh
their key rings.

> You can't send an encrypted email to it - unless you're
> given the email first - will it work to encrypt to a public key with no
> email?

Of course it works.  A correspondent has only to select my public key
when sending me email.  Easier still is for her to create an Enigmail
PRR associating my key with my email address or addresses.  That makes
key selection automatic.

> Keyservers should have strict rules on public keys - all to have a valid
> email a validation email sent back - then confirmed and that public key
> is then available. No identity available - simple - reject the key.

Sounds to me like you expect a key server to double as a CA.

Chuck
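
What a key published without its user IDs looks like at the packet level, as an added example that is not part of the original message: a small RFC 4880 packet-header walker that reports whether a public key carries any User ID packet (tag 13). The two sample keys are constructed with dummy packet bodies and a made-up identity, not real key material.

```python
TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id",
             14: "public-subkey", 17: "user-attribute"}

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        i += 1
        if hdr & 0x40:                      # new-format header: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i]
            if first < 192:                 # one-octet length
                length, i = first, i + 1
            elif first < 224:               # two-octet length
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:              # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:                               # old-format header: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            size = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def describe(data):
    """Packet names in order, e.g. for logging what a keyserver returned."""
    return [TAG_NAMES.get(tag, f"tag-{tag}") for tag, _ in iter_packets(data)]

def has_user_id(data):
    """True if the key carries at least one User ID packet (tag 13)."""
    return any(tag == 13 for tag, _ in iter_packets(data))

# Constructed sample data: dummy bodies, not real key material.
def _old(tag, body):   # old-format header with a two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
def _new(tag, body):   # new-format header, one-octet length (body < 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body

FULL_KEY = (_old(6, b"K" * 40) + _new(13, b"Alice <alice@example.org>")
            + _new(2, b"S" * 60) + _new(14, b"E" * 40) + _new(2, b"S" * 60))
STRIPPED_KEY = _old(6, b"K" * 40) + _new(14, b"E" * 40) + _new(2, b"S" * 60)
print(describe(FULL_KEY), has_user_id(FULL_KEY))
print(describe(STRIPPED_KEY), has_user_id(STRIPPED_KEY))
```

To inspect a real key, feed the functions the binary output of `gpg --export` rather than an ASCII-armored block.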
