On Thu, 06 Dec 2018 09:03:32 +0100, Werner Koch wrote: > On Wed, 5 Dec 2018 19:56, stefan.cl...@posteo.de said: > > > Well, my understanding would be that a least one (search) criteria > > would be needed to fetch a key, right? And if so i could also > > imagine > > Right, the fingerprint. And maybe the long keyid for a transitional > period because not all software already includes the fingerprint in > the signature.
O.k. > > that this one criteria could be abused as well, in form of a given > > link to that resource, as long as it can be fetched via the web. > > Being able to search for a fingerprint does not allow you to search > for the latest blockbuster movie to get a torrent link. Thus there > is no incentive to use the keyservers as an index and running a > keyserver will be safer for most operators. Well, i am not familiar how the current warez etc. scene works, but my assumption was the following (o.k. i am no programmer...): As long as we have the option to add additional UID's to a key my thinking was, after reading the links from Yegor, that one appends arbitrary data to a key and provides a link, at some other place, to that key, in the form of URL://keyserver/keyid_or_fp. People then would only need a little program to dearmor and extract the data from that key UID's. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas
pgpaJFRDsGbGS.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
