On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote: > I wonder why you seem to suggest the US based keybase.io as a better > solution. After all keybase.io is a service which connects private > data to private data of other sites and that all in the public. I > would consider this a real privacy problem compared to a public mail > address on a keyserver with no other associated private data.
(sorry for the late reply, i did not see this message this morning) Well, it is up to the user what he / she publishes on keybase.io besides the public key. He / she is not forced to provide any identity via other web sites etc. Doing this is a method they have implemented as sort of another way of a web of trust, so to speak. Why do i prefer keybase.io over the old key server system? Because i am in control of my public key there, so that nobody can do funny things with my key, like it is possible with the old key servers. If people would like to sign my key they would have to provide me my signed key so that i can upload it to keybase and not like the other way the old key servers let people do, without my approval first. > The mail address is a technical necessity to send mail; mapping the > mail address to a key is a technical necessity to send encrypted > mail. So what keyservers do is to provide a directory of public keys > - in the same way as white pages of the phone systems. Nobody > requires you to enter you phone number / public key into a > directory. But if you want to receive phone calls / encrypted mails > you need to somehow publish this data. You can't remove your name > from white pages either - they used to be printed in sometimes > millions of copies. Understood, but what speaks against a (syncing) public key server system like the old pgp.com key server was, compared to the regular key servers, which don't allow deletion of a key, by the owner and if i remember correctly also only upload by the owner. As it is of now with SKS and Co. i think in 2018 such a key server model does not help for a clean database, which everybody can look up, nor does it help users to protect their keys nor deleting their keys, in case they like to do so. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users