Houston, we have a problem

Stefan Claas stefan.claas at posteo.de
Thu Sep 21 23:37:01 CEST 2017


On Thu, 21 Sep 2017 23:11:23 +0200, Ralph Seichter wrote:
> On 21.09.17 22:37, Stefan Claas wrote:
> 
> > If I were a programmer of software like GnuPG, my software would
> > not allow receiving unwanted signatures on my pub key, nor would it
> > allow someone else to fake a sig on someone else's pub key
> > with my key-id.
> 
> If you can solve the design problem of having a decentralised key
> infrastructure, the ability for everyone to create and sign keys
> without third party involvement, and the detection/prevention of
> "fake" sigs (whatever fake may mean), I'm sure we all would be
> interested. ;-)

Long ago, when we had a discussion here on the mailing list on
how to prevent unwanted signatures, I made a proposal that
signing someone's public key should work similarly to revocation
certificates. If you would like to sign my pub key, you would have to
send me a, let's call it, Signature Request Certificate. If I accept
it, I enter my passphrase, and then the software would extract
the needed signature bits from the request cert and add those
bits to my pub key. Like I said, I'm no programmer and therefore
can't test whether such a feature proposal would work.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
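
The proposal in the message above as a runnable model, added here as an illustration and not part of the original post or of GnuPG: a certification is attached to a key only when the key owner has countersigned it. It assumes acceptance is expressed as an owner countersignature (the post does not specify this), uses Lamport one-time signatures as a stand-in for real OpenPGP signatures, and all function names are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a stdlib-only stand-in for the key's real
# signature algorithm (assumption). Each key pair may sign ONE message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex().encode()

def make_request(signer_sk, signer_pk, owner_pk):
    """Signer: certify the owner's key and send the result to the owner only."""
    body = b"certify:" + fingerprint(owner_pk)
    return {"signer_pk": signer_pk, "body": body, "sig": sign(signer_sk, body)}

def acceptance_msg(cert):
    return b"accept:" + fingerprint(cert["signer_pk"]) + b":" + cert["body"]

def accept_request(owner_sk, request):
    """Owner: the 'enter my passphrase' step, modelled as a countersignature."""
    return dict(request, acceptance=sign(owner_sk, acceptance_msg(request)))

def import_certification(owner_pk, cert):
    """Keyring: attach the signature only if signer AND owner signatures verify."""
    ok_signer = (cert["body"] == b"certify:" + fingerprint(owner_pk)
                 and verify(cert["signer_pk"], cert["body"], cert["sig"]))
    return ok_signer and "acceptance" in cert and verify(
        owner_pk, acceptance_msg(cert), cert["acceptance"])

if __name__ == "__main__":
    (osk, opk), (ssk, spk) = keygen(), keygen()  # constructed demo keys
    req = make_request(ssk, spk, opk)
    print("unaccepted:", import_certification(opk, req))
    print("accepted:  ", import_certification(opk, accept_request(osk, req)))
```

In this model an importer needs only the owner's public key to tell an accepted certification from an unsolicited one, and a signature that does not verify against the key it claims to come from is dropped before acceptance is even considered.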



More information about the Gnupg-users mailing list