New keyserver at keys.openpgp.org - what's your take?
Vincent Breitmoser
look at my.amazin.horse
Tue Jun 25 17:54:00 CEST 2019
> The Upload should be restricted to the key owner in some way.
We restrict upload of user ids to the owner of the user id, identified by email
verification. Non-identity data (subkeys, revocations, ...) can be freely
distributed, but only with a verified self-signature.
Is there any other mechanism you can come up with to allow upload by the owner
of some key data or email addresses, but not others?
> I didn't consider it until you mentioned it. A good idea, thanks.
Great! I've been getting generally positive feedback about this idea, perhaps we
should look into that more seriously.
> There's simply one point: "If you do not want your email to be public, don't
> upload your key to a server."
What if I upload your key to a server though? Keep in mind this is not just
a "nice to have", it is a legal requirement.
> In my opinion, the UID is essential for the Keys, except for M2M Usage.
> (...)
> No. But if I want to send you an email and want to encrypt it on a
> machine with an empty keystore, shouldn't I be able to fetch your key
> by Address?
Of course! And we do support that, given consent from the owner of an address.
Without that, only non-identity data (still enough for M2M) is distributed.
> It could be realized by exact match
This is exactly what we do. :)
- V