email verification as casual checking?

2014-08-22 Thread Nicolai Josuttis
Hi, to deal with faked keys, some guys had the idea to use email verification and let then certification servers take that as "casual signing". For example:
- Some guy might create a key using a mail client
- That key is then automatically sent by the email client to a server, which can be used

Re: email verification as casual checking?

2014-08-22 Thread Robert J. Hansen
> to deal with faked keys, some guys had the idea to use email
> verification and let then certification servers take that as "casual
> signing".
I think the first people to do this were at PGP Security (pre-PGP Corporation; this was when PGP Security was owned by Network Associates). The PGP Glo

Re: email verification as casual checking?

2014-08-22 Thread Doug Barton
On 8/22/14 11:03 AM, Robert J. Hansen wrote:
> The Global Directory may still be running, for all I know.
It is. I have my primary key there if for no other reason than because it gives me an LDAP server to play with. :)
Doug

Re: email verification as casual checking?

2014-08-23 Thread Nicolai Josuttis
Hmm, if I try to use keyserver.pgp.com as enigmail key server it neither accepts public keys I want to upload nor gives responses to searches of emails I know they have. Am I missing something or does this key server only work on a manual copy&paste or upload/download base? My question was about

Re: email verification as casual checking?

2014-08-23 Thread Doug Barton
On 8/23/14 12:12 AM, Nicolai Josuttis wrote:
> if I try to use keyserver.pgp.com as enigmail key server it neither accepts public keys I want to upload nor gives responses to searches of emails I know they have. Am I missing something or does this key server only work on a manual copy&paste or upl

Re: email verification as casual checking?

2014-08-23 Thread Daniel Kahn Gillmor
On 08/22/2014 09:13 AM, Nicolai Josuttis wrote:
> THAT IS, the key server would automatically certify the correctness
> of the association between the key and the email address as casual signing.
as others have noted in this thread, this behavior is what the "PGP Global Directory" does. I'm not c

Re: email verification as casual checking?

2014-08-23 Thread Philip Jackson
On 22/08/14 18:13, Nicolai Josuttis wrote:
> to deal with faked keys, some guys had the idea to use
> email verification and let then certification servers
> take that as "casual signing".
I take it that a 'faked key' in this context is one associated with an unverified email address. If I send

Re: email verification as casual checking?

2014-08-23 Thread Mathias Bauer
Hi,
* Nicolai Josuttis wrote on Fri, 22 Aug 2014, at 18:13 (+0200):
> to deal with faked keys, some guys had the idea to use email
> verification and let then certification servers take that as
> "casual signing". [...] What do you think about this idea?
> Was it ever discussed?
this has alrea

Re: email verification as casual checking?

2014-08-27 Thread Steve Jones
On Sat, 23 Aug 2014 12:56:11 +0200 Philip Jackson wrote:
> - the email address belongs to a person who does control the key and
> he may or may not be the person named in the email address. I am
> risking my secrets with an unknown person. I had better take care of
> the nature of those secrets

Re: email verification as casual checking?

2014-08-28 Thread Philip Jackson
On 28/08/14 00:58, Steve Jones wrote:
> On Sat, 23 Aug 2014 12:56:11 +0200
> Philip Jackson wrote:
>
>> - the email address belongs to a person who does control the key and
>> he may or may not be the person named in the email address. I am
>> risking my secrets with an unknown person. I had be

Re: email verification as casual checking?

2014-08-28 Thread Steve Jones
On Thu, 28 Aug 2014 13:12:30 +0200 Philip Jackson wrote:
> Whether or not I want to send secrets to a person depends on lots of
> things. I think at present that I would be unlikely to send any
> important secret by email. I cannot imagine my confidence levels on
> the person's identity or trust