On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > <stefan.cl...@posteo.de> wrote:: > > > > > >Get a sig from a CA and then upload your key via email. > > > > > That's a bit steep, and was never the original goal of PGP or GPG. > > No, in 2018 i think it is not. CA's can be run by non-profit > organizations like EFF etc., which i believe a lot of people trust. > > Then don't forget all the worldwide assurers from CAcert.org. > > > If the goal is to eliminate the bulk of bad keys and junk from key > > servers, an account creation with basic email verification for > > adding or removing keys should suffice. > > I don't think so. Create an anon account at ProtonMail via Tor for > example and then do "funny stuff" with those keys.
My proposal could be run also in parallel. I think it would be only a weekend job for a programmer to modify the server code, so that it accepts only incoming and verified email and not web or GnuPG via Tor submissions. People can then still use the old key servers (until they may become obsolete...) or use keybase. To bad that Werner's WKD is not widely adopted from email service providers... Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
