Wouldn’t it be a nice solution if key server software had a mechanism for users to verify their UserID by sending a mail to the mail address in question?
Those verified keys then could be prioritized over the not verified keys when a search is done. Could still be faked, but would make faking a lot harder.

I assume this has already been discussed on some key server devel list? But have not followed that discussion, so I’m not aware.

All the best,
steve

On 22.07.2014 at 16:27, Werner Koch <w...@gnupg.org> wrote:

> On Tue, 22 Jul 2014 09:40, enigm...@josuttis.de said:
>> More and more we seem to have the problem of faked keys in the key
>> servers. This especially applies to "well known" keys such as
>> authors of magazines and famous tools.
>
> This is actually the problem of checking the validity of the key.
> Granted, gpg is not smart enough to figure out the best matching key but
> that is something which can be fixed.
>
> A more simple way of tackling this is to use PKA or DANE for key
> validation: For sending mail you already need DNS and thus it would be
> easy to retrieve the matching key from the DNS. The drawback is that
> this must be configured by the key owner and can't be changed by the
> sender.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
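The PKA check mentioned in the quoted reply, as an added example that is not part of the original thread and is not GnuPG's own code: given several key server hits with the same UserID, keep only the key whose full fingerprint matches the one the address owner published in DNS. It assumes the PKA TXT format `v=pka1;fpr=<fingerprint>;uri=<location>` published at `<local-part>._pka.<domain>`; the DNS query itself is left out, and the address, fingerprints and record are constructed samples.

```python
# Added example: choose among key-server hits using a PKA TXT record.
# Addresses, fingerprints and the record below are constructed samples.
import re


def pka_owner_name(address: str) -> str:
    """DNS name where the PKA TXT record for a mail address is published."""
    local, _, domain = address.partition("@")
    if not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    return f"{local}._pka.{domain}".lower()


def parse_pka_record(txt: str) -> dict:
    """Parse 'v=pka1;fpr=<hex>;uri=<location>'; reject anything else."""
    fields = dict(p.split("=", 1) for p in txt.strip().split(";") if "=" in p)
    if fields.get("v") != "pka1":
        raise ValueError("not a PKA version 1 record")
    fpr = fields.get("fpr", "").replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("missing or malformed fingerprint")
    return {"fpr": fpr, "uri": fields.get("uri")}


def select_key(candidates: list, txt_record: str) -> list:
    """Return the candidates whose full fingerprint matches the DNS record."""
    wanted = parse_pka_record(txt_record)["fpr"]
    return [k for k in candidates
            if k["fpr"].replace(" ", "").upper() == wanted]


# Constructed TXT record, as it would be returned for alice._pka.example.org
SAMPLE_TXT = ("v=pka1;fpr=0123456789ABCDEF0123456789ABCDEF01234567;"
              "uri=https://example.org/alice.asc")

# Constructed key-server hits: same UserID, different keys. The second one
# shares the trailing digits of the fingerprint but not the full value.
SAMPLE_HITS = [
    {"uid": "Alice Example <alice@example.org>",
     "fpr": "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"},
    {"uid": "Alice Example <alice@example.org>",
     "fpr": "FFFF456789ABCDEF0123456789ABCDEF01234567"},
]

if __name__ == "__main__":
    print("query:", pka_owner_name("alice@example.org"))
    for key in select_key(SAMPLE_HITS, SAMPLE_TXT):
        print("accepted:", key["fpr"])
```

The result is only as trustworthy as the DNS answer it is compared against, so the lookup needs to be validated (for example with DNSSEC) before the match is relied on.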