On 01/16/2018 11:40 AM, Stefan Claas wrote:
> On 16.01.2018 at 11:12, Kristian Fiskerstrand wrote:
> 
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that I am the only person who
>>> can upload my public key to a key server directory.
>> This seems to be based on a misconception whereby you're attributing
>> properties of a certificate authority to the keyservers. OpenPGP already
>> has a method for certification from CAs, and that is by providing a
>> signature on the appropriate UID on the public keyblock. As long as the
>> signature is propagated on the keyserver network, these roles can be
>> appropriately isolated and the decision of whether or not to trust a
>> specific CA is left to the user performing the trust calculation,
>> incidentally also allowing for signatures from multiple CAs.
>>
> I'm not sure what you are talking about, a language barrier from my
> side, sorry.
> 
> The CA in Germany (Governikus) I have used sends me my certified key
> back to my email address and does not publish my pub key on key servers.

I'm not sure how to put it more clearly, but this seems to bring the
discussion into very specific territory. OpenPGP as a specification
handles this nicely, and whether a CA signature is published publicly or
not doesn't change the modus operandi.


-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"The best way to predict the future is to invent it"
(Alan Kay)

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users