MUA "automatically signs keys"?

Steve Jones steve at secretvolcanobase.org
Fri Jan 31 17:09:39 CET 2014


On Fri, 31 Jan 2014 16:37:28 +0100
Johannes Zarl <johannes at zarl.at> wrote:

> As far as I understood the original idea, it would use local
> signatures only (preferably done with a special purpose local key
> only used for these signatures).
> 
> If one would export these signatures, that would just DDoS the key
> server infrastructure for no gain.

Well I was thinking of exporting at first, but it's too fraught with
problems. I would in general like to see more use of persona
signatures as certifying keys as good enough. Essentially I see the
requirements for certifying keys as a massive barrier to entry for
common use.

Greater integration of local signatures into mail clients would be
great though, essentially you could use your public key ring as an
address book. Currently none (AFAIK) even offer the security of the SSH
known hosts file of ensuring the same key is used as from the first
contact.

-- 
Steve Jones <steve at secretvolcanobase.org>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: </pipermail/attachments/20140131/ef9da6ad/attachment.sig>


More information about the Gnupg-users mailing list