Hello Martin,
so I think these people want to make it as easy as possible for others
to get the public key. I also make my keys available on my website and
via WKD and DNS.
From my point of view it is also a kind of security for people who want
to write to me that they have my real key - and
Hello Vincent,
Ok - that is clear now. I never had the idea to get a "whole list"
from a key server but I didn't understand why people let access their
key only on their own website.
Martin
Thursday, February 2, 2023, 9:45:53 PM, you wrote:
>> Could you please explain this, I don't
Hi Martin,
Could you please explain this, I don't understand really. So there are
public and no public keys on the this key-server? Who decides that a
key is public or non-public? Who or how can I request a non-public
key?
Sorry, that wasn't as clear as it could have been. There are no
Hello Vincent,
Thursday, February 2, 2023, 12:41:48 PM, you wrote:
> For traditional (sks-style) keyservers, it is true that the list of all
> certificates
> and email addresses is public, and must be by design. For keys.openpgp.org
> specifically, this full list is not public and never will be
Hey list,
Keyserver records are public and spammers can scan those
Just quickly noting, since keys.openpgp.org was mentioned at the
beginning of the thread:
For traditional (sks-style) keyservers, it is true that the list of all
certificates
and email addresses is public, and must be by
On Wed, 1 Feb 2023 16:51, Martin said:
> It just seemed like a contradiction to me if a key for security
> reasons should be downloaded from a website with an insufficient
> certificate ;-)
That is not really a matter. X.509 certificates as well as PGP keys are
self-contained. All OpenPGP
On Wednesday, February 1, 2023 5:33 PM, Martin wrote:
> Hello
>
> Perhaps my question is strange an silly ;-)
>
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Alex,
Wednesday, February 1, 2023, 1:01:21 PM, you wrote:
> There's not much you can do in those situations. There's not
> really much in the way of an advantage compared to downloading from a
> keyserver when searching by the key ID.
It
Hello,
Apart from the use of keyserver, it is relatively easy and highly
recommended to use WKD (Web Key Directory) for PGP-Keys.
Another alternative is DNS OPENPGPKEY Record.
regards
Juergen
Am 01.02.23 um 10:32 schrieb Martin:
Hello
Perhaps my question is strange an silly ;-)
More and
Hello Martin,
Il 01 febbraio 2023 alle 10:32 Martin ha scritto:
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages gives a link where the key could
> be downloaded.
On Wed, 1 Feb 2023 13:01:21 +0100
Alex wrote:
> There's not much you can do in those situations. There's not
> really much in the way of an advantage compared to downloading from a
> keyserver when searching by the key ID.
Correction: It can help if there are collisions, software should not
On Wed, 1 Feb 2023 10:32:41 +0100
Martin wrote:
> Hello
>
> Perhaps my question is strange an silly ;-)
>
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages gives a
Hello
Perhaps my question is strange an silly ;-)
More and more I see messages which are signed - but the author didn't
store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
sometimes a footnote in the massages gives a link where the key could
be downloaded. Sometimes this link has
13 matches
Mail list logo
