keys require a user-id

Werner Koch wk at
Mon May 18 08:14:14 CEST 2020

On Sun, 17 May 2020 10:48, Vincent Breitmoser said:

> 1. Without consent, we don't distribute email addresses.

And by that changing the distributed system of keyservers into a
centralized key database like PGP tried this with their Universal
Server.  Which unavoidably will change OpenPGP to a centralized system.
If you want that, use X.509 or, to get complete centralization, use Signal.

> 2. We want to distribute revocations and subkey updates regardless.

Go read up on the failures and impracticalities of CRLs and OCSP.

> GnuPG upstream rejects such updates. Concretely, if you hand a primary
> key with only a revocation signature to GnuPG, it will parse the
> revocation, verify that it is cryptographically valid, and then throw

There is a simple reason for that: You don't want to type in an entire
keyblock in the case you need to revoke your key and you only got the
printout of the revocation certificate.



Thoughts are free.  Exceptions are regulated by a federal law.