On Thu, 21 Sep 2017 23:11:23 +0200, Ralph Seichter wrote: > On 21.09.17 22:37, Stefan Claas wrote: > > > If i would be a programmer of software like GnuPG, my software would > > not allow to receive unwanted signatures on my pub key, nor would it > > allow that someone else can fake a sig on someone else's pub key > > with my key-id. > > If you can solve the design problem of having a decentralised key > infrastucture, the ability for everyone to create and sign keys > without third party involvement, and the detection/prevention of > "fake" sigs (whatever fake may mean), I'm sure we all would be > interested. ;-)
Long ago when we had a discussion here on the Mailing List on how to prevent unwanted signatures i made a proposal that signing someone's public key should work similar to revocation certificates. If you would like to sign my pub key you had to send me a, let's call it, Signature Request Certificate, if i accept it i enter my passphrase and then the Software would extract the needed signature bits from the request cert and add those bits to my pub key. Like i said i'm no programmer and can't therefore test if such a feature proposal would work. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users