On Wed, 17 Jan 2018 09:42:07 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:
>
> > users who uploaded their public keys on key servers would not
> > reveal that they know each other as shown with their signatures,
> > which the classical WoT somehow requires,
On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:
> users who uploaded their public keys on key servers would not
> reveal that they know each other as shown with their signatures,
> which the classical WoT somehow requires, instead of using local sigs.
I do not know most of the people
On 01/16/2018 11:40 AM, Stefan Claas wrote:
> Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
>
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that i am the only person who
>>> can upload my public key to a key server directory.
>> This seems to be
On 01/16/2018 08:37 PM, Stefan Claas wrote:
>> I know, but keybase.io's goal is (or was, back when I tested it) to
>> use those connections to somehow prove an identity. It is a neat
>> idea for the facebook generation. Privacy is something different.
> Agreed. But the word privacy would then
On Tue, 16 Jan 2018 19:51:17 +0100, Werner Koch wrote:
> We definitely want to refine some things there but that requires a
> wider deployment.
I will for sure follow the WKD development and hope that also more
mail providers will offer a WKD service.
> > i have with posteo's WKD
On Tue, 16 Jan 2018 19:36:30 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:
>
> > the public key. He / she is not forced to provide any identity via
> > other web sites etc. Doing this is a method they have implemented
> > as sort
>
> I know, but
On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:
> the public key. He / she is not forced to provide any identity via other
> web sites etc. Doing this is a method they have implemented as sort
I know, but keybase.io's goal is (or was, back when I tested it) to use
those connections to
> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular
> key servers, which don't allow deletion of a key, by the owner and if
> i remember correctly also only upload by the owner.
The pgp.com keyserver had some
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:
> On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:
>
> > O.k. Werner invented WKD which solves those problems, if i'm not
> > mistaken, but is it besides keybase.io widely deployed?
>
> Nope. The Web Key Directory solves exactly
> O.K. than it is a feature request. You also triggered something in me
> with the words "which you think belongs to you".
That's because you think information *does* belong to you. But
information doesn't belong to anyone: the nature of information is that
it has no owners. You can place
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:
> I wonder why you seem to suggest the US based keybase.io as a better
> solution. After all keybase.io is a service which connects private
> data to private data of other sites and that all in the public. I
> would consider this a real
Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
On 01/15/2018 09:23 PM, Stefan Claas wrote:
No? I for one would like to be sure that i am the only person who
can upload my public key to a key server directory.
This seems to be based on a misconception whereby you're attributing
On 01/15/2018 09:23 PM, Stefan Claas wrote:
> No? I for one would like to be sure that i am the only person who
> can upload my public key to a key server directory.
This seems to be based on a misconception whereby you're attributing
properties of a certificate authority to the keyservers.
Am 16.01.2018 um 10:18 schrieb Werner Koch:
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:
and add some funny things to "your" public key. This would be
also interesting to see how many signatures a public key can bear.
You may look at my key to see funny things and thousands of key
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:
> and add some funny things to "your" public key. This would be
> also interesting to see how many signatures a public key can bear.
You may look at my key to see funny things and thousands of key
signatures from made up users. They print
Am 16.01.2018 um 00:32 schrieb Robert J. Hansen:
(Responding here because Stefan's message hasn't hit my mail server yet)
My previous message to you and the list was bounced from your mail server.
It's from 2003. It doesn't need modernization.
No? I for one would like to be sure that i am
On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:
> O.k. Werner invented WKD which solves those problems, if i'm not
> mistaken, but is it besides keybase.io widely deployed?
Nope. The Web Key Directory solves exactly one problem: How to
initially map a mail address to a key. This
(Responding here because Stefan's message hasn't hit my mail server yet)
>>> It's from 2003. It doesn't need modernization.
>>
>> No? I for one would like to be sure that i am the only person who can
>> upload my public key to a key server directory.
Which is not a modernization issue. It's a
> On 15 Jan 2018, at 21:13, Matthias Mansfeld
> wrote:
>
> could this be implemented in a way that the _upload_ (not the
> spreading between keyservers) requires signing? (unless it is a
> revocation certificate)?
So long as there is one keyserver
On 15 Jan 2018 at 21:23, Stefan Claas wrote:
> On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > > How long do we have now those old fashioned key servers
> >
> > SKS came out in 2003. It largely replaced PKS, which was widely
> > considered old and broken. SKS was Yaron
On 15 Jan 2018 at 18:53, Andrew Gallagher wrote:
>
> > On 15 Jan 2018, at 16:39, Stefan Claas
> > wrote:
> >
> > Maybe we need (a court) case were a PGP user requests the removal of
> > his / her keys until the operators and code maintainers wake up?
>
> You also need
On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > How long do we have now those old fashioned key servers
>
> SKS came out in 2003. It largely replaced PKS, which was widely
> considered old and broken. SKS was Yaron Minsky's Ph.D thesis,
> wherein he developed some really
> Correct, but would it be really a big loss if we would loose all the
> old fashioned key servers tomorrow? For me not.
I personally know Syrians and Iranians who have given me bear hugs at
conferences when they hear I'm involved with GnuPG, Enigmail, and am on
the periphery of SKS. A common
> How long do we have now those old fashioned key servers
SKS came out in 2003. It largely replaced PKS, which was widely
considered old and broken. SKS was Yaron Minsky's Ph.D thesis, wherein
he developed some really cutting-edge math to make key sync fast and
reliable.
"Old-fashioned" is not
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
Already happened back in 2010.
https://lists.nongnu.org/archive/html/sks-devel/2010-09/msg9.html
___
> I was just thinking, would it be possible to have a tag (a UID with
> special meaning, like “please-remove...@srs-keyservers.net”?) for which
> the signature would be verified by the keyserver, and that would cause
> it to drop everything from its storage apart from this tag?
Nope. SKS has no
On Mon, 15 Jan 2018 18:53:26 +, Andrew Gallagher wrote:
> > On 15 Jan 2018, at 16:39, Stefan Claas
> > wrote:
> >
> > Maybe we need (a court) case were a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?
>
>
On Mon, 15 Jan 2018 19:47:39 +0100, Peter Lebbing wrote:
> On 15/01/18 17:39, Stefan Claas wrote:
> > Maybe we need (a court) case were a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?
>
> Wow, you're entertaining an interesting notion
> On 15 Jan 2018, at 16:39, Stefan Claas wrote:
>
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
You also need to prove that removal is technically possible. Otherwise all that
On 15/01/18 17:39, Stefan Claas wrote:
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
Wow, you're entertaining an interesting notion of what is "needed"!
Let's hope most people will just let keyserver
sing in 2005 was labeled
> as "Remove public key from keyserver No.74"
>
>
> Sent: Monday, January 15, 2018 at 4:14 PM
> From: "Leo Gaspard" <l...@gaspard.io>
> To: gnupg-users@gnupg.org
> Subject: Remove public key from keyserver (was: Re: Hide U
> That said I guess ideas like this have already
> likely been discussed before?
Good luck with that, the similar discussing has
been hold years and nothing ever changed. Last
time I checked, a discussing in 2005 was labeled
as "Remove public key from keyserver No.74"
Sent: Mo
On 01/15/2018 08:13 AM, Robert J. Hansen wrote:>> Since you can never remove
>> anything from the public key server, You are
>> wondering if you can add something to it -- for
>> example, add another 100 of UIDs with other
>> people's real name and emails so people can not
>> find out which one is
33 matches
Mail list logo