Garbled data in keyservers
Dirk Gottschalk
dirk.gottschalk1980 at googlemail.com
Sun Dec 9 20:39:07 CET 2018
Hello Stefan.
Am Sonntag, den 09.12.2018, 19:38 +0100 schrieb Stefan Claas:
> On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users
> wrote:
> > On December 9, 2018 7:54:01 AM EST, Stefan Claas
> > <stefan.claas at posteo.de> wrote::
> > > Get a sig from a CA and then upload your key via email.
> > >
> > That's a bit steep, and was never the original goal of PGP or GPG.
> No, in 2018 i think it is not. CA's can be run by non-profit
> organizations like EFF etc., which i believe a lot of people trust.
> Then don't forget all the worldwide assurers from CAcert.org.
> > If the goal is to eliminate the bulk of bad keys and junk from key
> > servers, an account creation with basic email verification for
> > adding or removing keys should suffice.
> I don't think so. Create an anon account at ProtonMail via Tor for
> example and then do "funny stuff" with those keys.
There is always a way to abuse things. And a plausibility check on UIDs
would remove the possibility for abusive data encoding in these. I
think that would be a starting point.
Regards,
Dirk
--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany
GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181209/2741b706/attachment.sig>
More information about the Gnupg-users
mailing list