On 03/01/2015 05:31 PM, Marco Zehe wrote:
> Hi Patrick,
>
>> On 01.03.2015 at 15:41, Patrick Brunschwig
>> <patr...@enigmail.net> wrote:
>>
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
>
> I like this idea very, very much! This is a confirmation that
> doesn’t hurt anybody, and it is something that ensures on a basic
> level, that the key isn’t completely bogus.
>
> I have seen part of this in a different context in Mozilla’s
> Bugzilla, when one uploads one’s public key into the Bugzilla
> account to be able to receive security-sensitive messages. After
> submitting the form, Bugzilla sends an encrypted message to the
> account’s e-mail address, assuming the public key just uploaded
> belongs to that address. It doesn’t go as far as requiring
> verification via a link, but it definitely confirms if the key is
> working for the user.

Seriously? Please look at
https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
implementation, which opens up another can of worms (encrypts to {S,C}
key, not encryption key, dual usage of same key material for different
purposes... BAD)

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"I have always wished that my computer would be as easy to use as my
telephone. My wish has come true -- I no longer know how to use my
telephone"
(Bjarne Stroustrup, April 1999)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
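
The selection rule behind the objection above (encrypt only to a key flagged for encryption, never to the {S,C} primary), as an added example that is not from the original post, Bugzilla or GnuPG. It reads the capability field of GnuPG's colon-delimited key listing; the sample keys, key IDs and function names are constructed for illustration.

```python
# Constructed sample in the `gpg --with-colons` listing format; key IDs are made up.
# Field 2 = validity, field 5 = key ID, field 6 = creation time, field 12 = capabilities.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::0000::Alice Example <alice@example.org>:
sub:r:4096:1:CCCCCCCCCCCCCCCC:1300000000::::::e:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1400000000::::::s:
"""

# Constructed key with no encryption subkey at all (sign/certify primary only).
SIGN_ONLY = "pub:u:4096:1:EEEEEEEEEEEEEEEE:1400000000:::u:::scSC:\n"

UNUSABLE = set("idre")  # invalid, disabled, revoked, expired


def encryption_targets(colons):
    """Return (created, keyid) for every usable key or subkey flagged for encryption."""
    found = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if f[1] in UNUSABLE:
            continue
        # Lowercase letters are this key's own flags; the uppercase letters on a
        # pub record summarise the whole key and must not be mistaken for them.
        if "e" in f[11]:
            found.append((int(f[5]), f[4]))
    return found


def pick_recipient(colons):
    """Pick the newest encryption-capable key; never fall back to an {S,C} primary."""
    targets = encryption_targets(colons)
    if not targets:
        raise ValueError("no usable encryption-capable key; refusing to encrypt")
    return max(targets)[1]


if __name__ == "__main__":
    print(pick_recipient(SAMPLE))
```

Refusing to encrypt when no key carries the encryption flag keeps signing and certification material from being reused for a second purpose.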