> The Upload should be restricted to the key owner in some way.

We restrict upload of user ids to the owner of the user id, identified by email verification. Non-identity data (subkeys, revocations, ...) can be freely distributed, but only with a verified self-signature. Is there any other mechanism you can come up with to allow upload by the owner of some key data or email addresses, but not others?

> I didn't consider it until you mentioned it. A good idea, thanks.

Great! I've been getting generally positive feedback about this idea, perhaps we should look into that more seriously.

> There's simply one point: "If you do not want your email to be public, don't
> upload your key to a server."

What if I upload your key to a server though? Keep in mind this is not just a "nice to have", it is a legal requirement.

> In my opinion, the UID is essential for the Keys, except for M2M Usage.
> (...)
> No. But if I want to send you an email and want to encrypt it on a
> machine with an empty keystore, shouldn't I be able to fetch your key
> by Address?

Of course! And we do support that, given consent from the owner of an address. Without that, only non-identity data (still enough for M2M) is distributed.

> It could be realized by exact match

This is exactly what we do. :)

- V
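
The distribution policy described in this message, modelled as an added sketch (not part of the original mail and not the keyserver's own code). Assumptions: the class and method names, a one-time token mailed to each address as the verification step, lowercase address normalization, and self-signatures already checked before `upload()` is called.

```python
import hmac
import secrets


class VerifyingKeyStore:
    """Toy model: anyone may upload, user IDs are served only after consent."""

    def __init__(self):
        self.certs = {}      # fingerprint -> {"subkeys": [...], "uids": [...]}
        self.pending = {}    # (fingerprint, email) -> one-time token
        self.published = {}  # email -> fingerprint, verified addresses only

    @staticmethod
    def _norm(email):
        # Assumed normalization so lookups are exact but case-insensitive.
        return email.strip().lower()

    def upload(self, fingerprint, subkeys, emails):
        """Store a certificate; return the tokens the server would mail out."""
        emails = [self._norm(e) for e in emails]
        self.certs[fingerprint] = {"subkeys": list(subkeys), "uids": emails}
        tokens = {}
        for email in emails:
            tokens[email] = self.pending[(fingerprint, email)] = secrets.token_urlsafe(32)
        return tokens

    def confirm(self, fingerprint, email, token):
        """Publish one user ID if the token mailed to that address comes back."""
        email = self._norm(email)
        expected = self.pending.get((fingerprint, email))
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        del self.pending[(fingerprint, email)]  # tokens are single-use
        self.published[email] = fingerprint
        return True

    def by_fingerprint(self, fingerprint):
        """Non-identity data always; user IDs only where verified."""
        cert = self.certs.get(fingerprint)
        if cert is None:
            return None
        uids = [u for u in cert["uids"] if self.published.get(u) == fingerprint]
        return {"subkeys": cert["subkeys"], "uids": uids}

    def by_email(self, email):
        """Exact match on a verified address; no substring or wildcard search."""
        fingerprint = self.published.get(self._norm(email))
        return self.by_fingerprint(fingerprint) if fingerprint else None
```

A third party uploading someone else's key gets it stored, but lookups by address return nothing and lookups by fingerprint return only subkey material until the address owner returns the token.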