keys require a user-id
Werner Koch
wk at gnupg.org
Mon May 18 08:14:14 CEST 2020
On Sun, 17 May 2020 10:48, Vincent Breitmoser said:
> 1. Without consent, we don't distribute email addresses.
And by that changing the distributed system of keyservers into a
centralized key database like PGP tried this with their Universal
Server. Which unavoidably will change OpenPGP to a centralized system.
If you want that use X.509 or to get complete centralization use Signal.
> 2. We want to distribute revocations and subkey updates regardless.
Go read up on the failures and impracticalities of CRLs and OCSP.
> GnuPG upstream rejects such updates. Concretely, if you hand a primary
> key with only a revocation signature to GnuPG, it will parse the
> revocation, verify that it is cryptographically valid, and then throw
There is a simple reason for that: You don't want to type in an entire
keyblock in the case you need to revoke your key and you only got the
printout of the revocation certificate.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
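
The exchange above turns on which packets an OpenPGP blob contains. As an added example (not part of the original message, and not GnuPG code), this Python code walks RFC 4880 packet headers and tells apart a primary key carrying only a revocation signature, a revocation certificate on its own, and a keyblock with a user ID. The sample bytes are constructed dummies and no signature is verified.

```python
# Added illustration, not GnuPG or keyserver code. Constants are from RFC 4880.
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SIGTYPE_KEY_REVOCATION = 0x20

def packets(data):  # yield (tag, body) for each packet in a binary stream
    i = 0
    while i < len(data):
        first = data[i]; i += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                                  # new-format header
            tag, o1 = first & 0x3F, data[i]; i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192; i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body length not handled")
        else:                                             # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def sig_type(body):  # v4 and later: octet 1; v3: octet 2, after a length octet
    return body[1] if body[0] >= 4 else body[2]

def classify(data):
    pk = list(packets(data))
    tags = [t for t, _ in pk]
    revoked = any(t == TAG_SIGNATURE and sig_type(b) == SIGTYPE_KEY_REVOCATION
                  for t, b in pk)
    if TAG_PUBLIC_KEY in tags and TAG_USER_ID not in tags:
        return "revocation-only key, no user ID" if revoked else "key without user ID"
    if tags and tags[0] == TAG_SIGNATURE and revoked:
        return "bare revocation certificate"
    return "keyblock with user ID" if TAG_USER_ID in tags else "other"

# Constructed sample packets: dummy bodies, not real key material or signatures.
KEY = bytes([0x98, 9, 4]) + bytes(8)          # old-format tag 6, v4 key body
REV = bytes([0x88, 10, 4, 0x20]) + bytes(8)   # old-format tag 2, v4, type 0x20
UID = bytes([0xCD, 5]) + b"alice"             # new-format tag 13
```

`classify(KEY + REV)` is the layout from the quoted point about user-ID-less updates, and `classify(REV)` is the printed revocation certificate case from the reply.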