Hi Patrick, > Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig <patr...@enigmail.net>: > > The idea I have in mind is roughly as follows: if you upload a key to > a keyserver, the keyserver would send an encrypted email to every UID > in the key. Each encrypted mail contains a unique link to confirm the > email address. Once all email addresses are confirmed, the key is > validated and the keyserver will allow access to it just like with any > regular keyserver.
I like this idea very, very much! This is a confirmation that doesn’t hurt anybody, and it is something that insures on a basic level, that the key isn’t completely bogus. I have seen part of this in a different context in Mozilla’s Bugzilla, when one uploads one’s public key into the Bugzilla account to be able to receive security-sensitive messages. After submitting the form, Bugzilla sends an encrypted message to the account’s e-mail address, assuming the public key just uploaded belongs to that address. It doesn’t go as far as requiring verification via a link, but it definitely confirms if the key is working for the user. Marco
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
