ping - Governikus
spam.trap.mailing.lists at gmail.com
Sun Nov 1 00:45:32 CET 2020
It is required and also automatically checked that my name 'Stefan Claas'
in the UID matches the name in my ID-card. If I would enter in my pub key
for example 'Paul Claas' or 'Stefan Class' as UID then my pub key would
not be signed. They use the email address IMHO only to submit your
certified pub key to your email account.
I am aware that there is a second 'Stefan Claas' living in Germany
but he would not have the same fingerprint as I would have. In case
of doubt people could always prove to third parties, if requested,
that one is the actual key holder, with a simple challenge/response.
On Sat, Oct 31, 2020 at 10:31 PM Andrew Gallagher <andrewg at andrewg.com> wrote:
> > On 31 Oct 2020, at 18:46, Stefan Claas via Gnupg-users <gnupg-users at gnupg.org> wrote:
> > I would like to make the following proposal that users using
> > your certification service have the ability to upload pub keys
> > for signing, which do not require an email address in the UID
> > and that such public keys can be mailed on digital media
> > to the (in a provided submission form) postal address.
> What is governikus certifying if there’s nothing identifiable in the user id? What use is it to a third party to see such a signature on a key?
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users