Hello Stefan. Am Sonntag, den 09.12.2018, 19:38 +0100 schrieb Stefan Claas: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > <stefan.cl...@posteo.de> wrote:: > > > Get a sig from a CA and then upload your key via email. > > > > > That's a bit steep, and was never the original goal of PGP or GPG.
> No, in 2018 i think it is not. CA's can be run by non-profit > organizations like EFF etc., which i believe a lot of people trust. > Then don't forget all the worldwide assurers from CAcert.org. > > If the goal is to eliminate the bulk of bad keys and junk from key > > servers, an account creation with basic email verification for > > adding or removing keys should suffice. > I don't think so. Create an anon account at ProtonMail via Tor for > example and then do "funny stuff" with those keys. There is always a way to abuse things. And a plausibility check on UIDs would remove the possibility for abusive data encoding in these. I think that would be a starting point. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users