ping - Governikus

Stefan Claas spam.trap.mailing.lists at gmail.com
Wed Nov 4 23:15:17 CET 2020


On Wed, Nov 4, 2020 at 4:54 PM Stefan Claas
<spam.trap.mailing.lists at gmail.com> wrote:

[...]

> Not sure why you don't see this, but let's say you or I would run a popular
> crypto etc. blog on a web page and people would be allowed to reply
> encrypted and you only provide a postal address (P.O.box address) instead
> of a spamable email address, I and probably the majority of readers would
> not need an email address in your UID and they would most likely trust
> your certified pub key more, like I would, compared to a pub key which
> bears no CA signature. There are more examples, but I think my point
> should be clear why people should have the option to get a CA certified
> public key without an email address, so that they can use the pub key
> as a multipurpose key, not bound to an email address, which can always
> change.

Ok. as PoC I created such a key and used NIST guidelines to create the
pbkdf2 hash and also saved as reference the parameters used, in case
I had to send the pub key to another CA. Since Governikus needs an
email address for returning the certified pub key, I used a 'noreply'
disposal email address which (hopefully) everybody can use too.

Additionally I can create a secp256k1 sub key so that I can also
do Bitcoin transactions with my multi purpose key. :-)

I am attaching the key to this message.

The good thing now is in case I had to sign a message here on the ML
I can use this key with this spam address and not get spam with my
new real email address. :-)

Regards
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stefan_claas_multi_purpose_key.asc
Type: application/octet-stream
Size: 1247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201104/8452f3f0/attachment-0001.obj>


More information about the Gnupg-users mailing list