keys require a user-id

Werner Koch wk at gnupg.org
Mon May 18 08:14:14 CEST 2020


On Sun, 17 May 2020 10:48, Vincent Breitmoser said:

> 1. Without consent, we don't distribute email addresses.

And by that changing the distributed system of keyservers into a
centralized key database like PGP tried with their Universal
Server.  Which unavoidably will change OpenPGP to a centralized system.
If you want that, use X.509 or, to get complete centralization, use Signal.

> 2. We want to distribute revocations and subkey updates regardless.

Go read up on the failures and impracticalities of CRLs and OCSP.

> GnuPG upstream rejects such updates. Concretely, if you hand a primary
> key with only a revocation signature to GnuPG, it will parse the
> revocation, verify that it is cryptographically valid, and then throw

There is a simple reason for that: You don't want to type in an entire
keyblock in the case you need to revoke your key and you only got the
printout of the revocation certificate.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.