On Wednesday 29 July 2015 07:42:34 n...@enigmail.net wrote:
> On 29.07.2015 at 03:30, MFPA wrote:
> > Why not simplify the workflow:-
> > 
> > 1. key reaches validation server.
> > 
> > 2. for each UID containing an email address, validation server creates
> >    a copy of the key stripped of all other UIDs.
> > 
> > 3. validation server signs that copy of the key.
> > 
> > 4. validation server pastes the signed key into an email, encrypts the
> >    email to that key, and sends it to the email address in the UID.
> > 
> > 5. user receives each email, decrypts it, and updates their local copy of
> >    their key.
> > 
> > 6. user uploads key now bearing the validation server's signatures to
> >    a keyserver.
> >
> > There is still the same level of assurance that the email address and
> > private key are controlled by the same entity. Advantages are:-
> > c. Changes to the user's key are uploaded to the keyserver by the
> >    user, not by the validation server.
> 
> Is this a real benefit?

A possible benefit would be that the user can choose not to upload the 
validation signatures to the keyservers. With a minor change in step 1 (the 
key owner uploads his key to the validation server without uploading it to a 
keyserver) the UID validation would even work for keys whose owner does 
not want to upload to a public keyserver.


Regards,
Ingo
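
The six-step workflow quoted above, as an added example that is not part of the thread: a POSIX shell script driving GnuPG 2.1 or later (quick commands and --export-filter) through steps 1 to 6 for a constructed user "Alice" with two e-mail UIDs and a constructed validation-server key. Both parties live in throw-away GNUPGHOME directories, mail transport is replaced by files, and the server certifies the UID in its own keyring and then exports a copy filtered to that UID, which yields the same signed single-UID key as stripping first and signing afterwards. All key names, addresses and paths are invented for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: MFPA's validation-server workflow
# driven with GnuPG 2.1+.  "Alice" and the validation server are constructed
# identities in throw-away GNUPGHOME directories; mail delivery is replaced
# by files under $WORK so the whole thing runs offline.
set -eu

WORK=$(mktemp -d)
USER_HOME="$WORK/user"; SERVER_HOME="$WORK/server"
mkdir -m 700 "$USER_HOME" "$SERVER_HOME"
trap 'for h in "$USER_HOME" "$SERVER_HOME"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
      rm -rf "$WORK" || true' EXIT

# Per-party wrappers: batch mode, no pinentry (demo keys have no passphrase)
ugpg() { gpg --homedir "$USER_HOME"   --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }
sgpg() { gpg --homedir "$SERVER_HOME" --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Primary fingerprint of the key matching $2 in homedir $1
fpr_of() {
  gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Number of user-ID packets in an exported key file (checks the stripping)
uid_packets() {
  gpg --homedir "$SERVER_HOME" --batch --list-packets "$1" | grep -c ':user ID packet:'
}

# Setup: Alice's key with two e-mail UIDs, and the server's signing-only key
ugpg --quiet --quick-generate-key 'Alice <alice@example.org>' default default none
ALICE=$(fpr_of "$USER_HOME" alice@example.org)
ugpg --quiet --quick-add-uid "$ALICE" 'Alice <alice@example.net>'
sgpg --quiet --quick-generate-key 'Validation Server <validator@example.org>' default sign none
SERVER=$(fpr_of "$SERVER_HOME" validator@example.org)

# Step 1: the key reaches the validation server (here: export | import)
ugpg --export "$ALICE" | sgpg --quiet --import

# Steps 2-4, once for every UID that carries an e-mail address
sgpg --with-colons --list-keys "$ALICE" | awk -F: '$1 == "uid" { print $10 }' > "$WORK/uids"
while IFS= read -r uid <&3; do
  mbox=$(printf '%s' "$uid" | sed -n 's/.*<\(.*\)>.*/\1/p')
  [ -n "$mbox" ] || continue
  # Step 3 first (certify exactly this UID; the "=" prefix asks gpg for an
  # exact match), then step 2 (export a copy that keeps only this UID).  The
  # result is the same single-UID signed key as stripping first, then signing.
  sgpg --quiet --quick-sign-key "$ALICE" "=$uid"
  sgpg --export-filter "keep-uid=mbox = $mbox" --export "$ALICE" > "$WORK/$mbox.gpg"
  # Step 4: encrypt that copy to Alice's key.  Only the holder of the private
  # key can recover the signed copy, which is the whole proof of control.
  # A real server would now mail $WORK/$mbox.asc to $mbox.
  sgpg --quiet --trust-model always --armor --recipient "$ALICE" \
       --output "$WORK/$mbox.asc" --encrypt "$WORK/$mbox.gpg"
done 3< "$WORK/uids"

# Step 5: Alice decrypts each message and merges the signed copy into her key
for msg in "$WORK"/*.asc; do
  ugpg --quiet --decrypt "$msg" | ugpg --quiet --import
done

# Step 6: Alice, not the server, decides what goes to a keyserver.  Offline we
# only export what "gpg --send-keys" would publish.
ugpg --armor --export "$ALICE" > "$WORK/for-keyserver.asc"

# How many of Alice's UIDs now carry a certification by the server's key?
# The server's public key is not in Alice's keyring, so match on the key ID
# (the last 16 hex digits of the server fingerprint).
validated_uid_count() {
  ugpg --with-colons --list-sigs "$ALICE" |
    awk -F: -v k="$(printf '%s' "$SERVER" | tail -c 16)" \
        '$1 == "sig" && $5 == k { n++ } END { print n + 0 }'
}
validated_uid_count   # prints 2
```

Run it with `sh`; it needs `gpg` (2.1 or later) and `gpgconf` on PATH. Each `$WORK/<mbox>.gpg` holds exactly one user ID, so a certification in it cannot be mistaken for a statement about Alice's other address, and the keyserver upload in step 6 stays entirely in Alice's hands, which is the point Ingo raises about step 1 and keys that are never published.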


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
