DANE (was: mailto with pgp fingerprint)

Are you or is someone working on DANE support for GnuPG? Any schedule? Am 22.07.2014 16:27, Werner Koch schrieb/wrote: > > On Tue, 22 Jul 2014 09:40, enigm...@josuttis.de said: >> More and more we seem to have the problem of faked keys in the >> key servers. This especially applies to "well known

Re: mailto with pgp fingerprint

On Fri, 25 Jul 2014 14:44:54 +0100 MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi > > > On Friday 25 July 2014 at 2:01:28 PM, in > , > Schlacta, Christ wrote: > > > > On Jul 25, 2014 5:30 AM, "MFPA" > > <2014-667rhzu3dc-lists-g

Re: mailto with pgp fingerprint

MFPA wrote: > If I recall correctly, PGP's keyserver "PGP Global Directory" sends an > email to each email address in the uids when a key is submitted, and > only lists those uids whose email address replies. It re-sends these > verification emails every six months, and deletes keys if there is no

Re: mailto with pgp fingerprint

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 25 July 2014 at 3:12:58 PM, in , Thomas Harning wrote: > While PGP Global Directory provides for some basic > level of "this email address belongs to this key"... > its key signing policy leads to "cruft" buildup. Yes, I wasn't prom

Re: mailto with pgp fingerprint

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 25 July 2014 at 2:01:28 PM, in , Schlacta, Christ wrote: > On Jul 25, 2014 5:30 AM, "MFPA" > <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: >> If I recall correctly, PGP's keyserver "PGP Global >> Directory" sends an email to each

Re: mailto with pgp fingerprint

On Jul 25, 2014 5:30 AM, "MFPA" <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi > > > On Wednesday 23 July 2014 at 9:02:23 PM, in > , steve wrote: > > > > Wouldn’t it be a nice solution, if key server software > > had a mechanism for use

Re: mailto with pgp fingerprint

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 23 July 2014 at 9:02:23 PM, in , steve wrote: > Wouldn’t it be a nice solution, if key server software > had a mechanism for users to verify their UserID by > sending a mail to the mail address in question. If I recall correctly,

Re: mailto with pgp fingerprint

On 24/07/14 02:14, Sam Gleske wrote: > I'm hoping keybase.io will hopefully resolve the > issue of identity checking with key fingerprints. I've just scanned through [1]. I'm not convinced. This quote is from the front page: > If you trust the client (our reference client is

Re: mailto with pgp fingerprint

Wouldn’t it be a nice solution, if key server software had a mechanism for users to verify their UserID by sending a mail to the mail address in question. Those verified keys then could be prioritized over the not verified keys when a search is done. Could still be faked, but would make faking a

Re: mailto with pgp fingerprint

I'm hoping keybase.io will hopefully resolve the issue of identity checking with key fingerprints. For example, my keybase account is... https://keybase.io/samrocketman My friends who regularly interact with me on github (and more rarely twitter) as well as the domain(s) I own will help to give m

Re: mailto with pgp fingerprint

On Tue, 22 Jul 2014 09:40, enigm...@josuttis.de said: > More and more we seem to have the problem of faked keys in the key > servers. This especially applies to "well known" keys such as > authors of magazines and famous tools. This is actually the problem of checking the validity of the key. Gran

mailto with pgp fingerprint

More and more we seem to have the problem of faked keys in the key servers. This especially applies to "well known" keys such as authors of magazines and famous tools. In addition, I have the problem that I'd like to use a special reply-to address, which is not listed in the keyservers, but it sho