ping - Governikus
spam.trap.mailing.lists at gmail.com
Wed Nov 4 23:15:17 CET 2020
On Wed, Nov 4, 2020 at 4:54 PM Stefan Claas
<spam.trap.mailing.lists at gmail.com> wrote:
> Not sure why you don't see this, but let's say you or I would run a popular
> crypto etc. blog on a web page and people would be allowed to reply
> encrypted and you only provide a postal address (P.O.box address) instead
> of a spamable email address, I and probably the majority of readers would
> not need an email address in your UID and they would most likely trust
> your certified pub key more, like I would, compared to a pub key which
> bears no CA signature. There are more examples, but I think my point
> should be clear why people should have the option to get a CA certified
> public key without an email address, so that they can use the pub key
> as a multipurpose key, not bound to an email address, which can always
Ok. as PoC I created such a key and used NIST guidelines to create the
pbkdf2 hash and also saved as reference the parameters used, in case
I had to send the pub key to another CA. Since Governikus needs an
email address for returning the certified pub key, I used a 'noreply'
disposal email address which (hopefully) everybody can use too.
Additionally I can create a secp256k1 sub key so that I can also
do Bitcoin transactions with my multi purpose key. :-)
I am attaching the key to this message.
The good thing now is in case I had to sign a message here on the ML
I can use this key with this spam address and not get spam with my
new real email address. :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1247 bytes
Desc: not available
More information about the Gnupg-users