More and more we seem to have the problem of faked keys in the key servers. This especially applies to "well known" keys such as authors of magazines and famous tools.
In addition, I have the problem that I'd like to use a special reply-to address, which is not listed in the keyservers, but it should be easy to associate that with a (known) public key.

So, I was wondering whether it is possible to force somehow the usage of a specific pgp key identified by its fingerprint.

One obvious approach might be to extend the mailto format (see http://www.rfc-editor.org/rfc/rfc2368.txt). I was wondering whether it makes sense to standardize something like

    <mailto:n...@josuttis.de?pgp=EA25EF48BF2001E41FAB0C1CDEF9FC808A1C44D0>

or

    <mailto:n...@josuttis.de?pgpfp=EA25EF48BF2001E41FAB0C1CDEF9FC808A1C44D0>

so that we can provide elements in websites and emails that force mailers to automatically choose the right public key (either from internal list or from key servers).

The semantics would be:
- use the passed pgp key with the following email address

Mailers/PGP-tools could even use this to update their key rings (but with appropriate interaction and/or warning/error handling, because this can be a simple security hole if a link just would assign faked associated keys).

We could even use a syntax like:

    <mailto:?pgp=EA25EF48BF2001E41FAB0C1CDEF9FC808A1C44D0>

or

    <mailto:?pgpfp=EA25EF48BF2001E41FAB0C1CDEF9FC808A1C44D0>

to force the usage of a pgp key and derive the email address from there.

Questions:
- Would such a thing make sense or am I missing something?
- Is there even something like that already there or on the way?
- If not, is somebody familiar with the process or even willing to propose this as an RFC?
- Other thoughts?

And BTW, if this is too much out of scope of GnuPG issues:
- What would be the right place to discuss such a thing?

Best
Nico

--
Nicolai M. Josuttis
www.josuttis.de
mailto:n...@enigmail.net
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
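The semantics proposed in the post above, as an added example that is not part of the original message: Python code that parses the suggested `pgp=`/`pgpfp=` mailto parameter and returns what a mailer should do, never binding a key to an address from the link alone. The keyring contents, addresses, fingerprint value, function names and action names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample keyring: fingerprint -> addresses in that key's user IDs.
KEYRING = {"0123456789ABCDEF0123456789ABCDEF01234567": {"author@example.org"}}
FPR_RE = re.compile(r"[0-9A-F]{40}")  # 160-bit fingerprint as 40 hex digits

def parse_pgp_mailto(uri):
    """Return (address or None, fingerprint) for a mailto URI carrying the
    hypothetical pgp=/pgpfp= parameter; raise ValueError if malformed."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")
    values = [v for k, v in parse_qsl(parts.query)
              if k.lower() in ("pgp", "pgpfp")]
    if len(values) != 1:
        raise ValueError("expected exactly one fingerprint parameter")
    fpr = re.sub(r"\s+", "", values[0]).upper()
    if not FPR_RE.fullmatch(fpr):
        raise ValueError("fingerprint must be 40 hex digits")
    addr = unquote(parts.path).strip().lower() or None
    return addr, fpr

def decide(uri, keyring=KEYRING):
    """Return (action, address) for the mail client to act on."""
    addr, fpr = parse_pgp_mailto(uri)
    uids = keyring.get(fpr)
    if uids is None:
        # Unknown key: a link alone must never add a key to the keyring.
        return "confirm-import", addr
    if addr is None:
        # <mailto:?pgp=...>: derive the address from the key's user IDs.
        if len(uids) == 1:
            return "encrypt", next(iter(uids))
        return "confirm-address", None
    if addr in uids:
        return "encrypt", addr
    # Known key but unlisted address (the special reply-to case): the link
    # is unauthenticated, so the user confirms the new association.
    return "confirm-association", addr
```

Only the exact match between a locally known key and one of its own user IDs proceeds silently; every other path requires user interaction, which is the warning handling the post asks for.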