On Wed, 17 Jan 2018 09:42:07 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:
>
> > users who uploaded their public keys on key servers would not
> > reveal that they know each other as shown with their signatures,
> > which the classical WoT somehow requires, in
On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:
> users who uploaded their public keys on key servers would not
> reveal that they know each other as shown with their signatures,
> which the classical WoT somehow requires, instead of using local sigs.
I do not know most of the people who
On 01/16/2018 11:40 AM, Stefan Claas wrote:
> Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
>
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that i am the only person who
>>> can upload my public key to a key server directory.
>> This seems to be bas
On 01/16/2018 08:37 PM, Stefan Claas wrote:
>> I know, but keybase.io's goal is (or was, back when I tested it) to
>> use those connections to somehow prove an identity. It is a neat
>> idea for the facebook generation. Privacy is something different.
> Agreed. But the word privacy would then als
On Tue, 16 Jan 2018 19:51:17 +0100, Werner Koch wrote:
> We definitely want to refine some things there but that requires a
> wider deployment.
I will for sure follow the WKD development and hope that also more
mail providers will offer a WKD service.
> > i have with posteo's WKD implementation
On Tue, 16 Jan 2018 19:36:30 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:
>
> > the public key. He / she is not forced to provide any identity via
> > other web sites etc. Doing this is a method they have implemented
> > as sort
>
> I know, but keybase.io'
On Tue, 16 Jan 2018 16:46, stefan.cl...@posteo.de said:
> This part i do not understand... i send the rev cert or my updated key
> again to WKD and then i can search a regular key server for the updated
A revoked key does not make sense in the WKD. Either the key exists and
proves that this is t
On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:
> the public key. He / she is not forced to provide any identity via other
> web sites etc. Doing this is a method they have implemented as sort
I know, but keybase.io's goal is (or was, back when I tested it) to use
those connections to som
> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular
> key servers, which don't allow deletion of a key, by the owner and if
> i remember correctly also only upload by the owner.
The pgp.com keyserver had some ser
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:
> On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:
>
> > O.k. Werner invented WKD which solves those problems, if i'm not
> > mistaken, but is it besides keybase.io widely deployed?
>
> Nope. The Web Key Directory solves exactly one
> O.K. than it is a feature request. You also triggered something in me
> with the words "which you think belongs to you".
That's because you think information *does* belong to you. But
information doesn't belong to anyone: the nature of information is that
it has no owners. You can place restri
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:
> I wonder why you seem to suggest the US based keybase.io as a better
> solution. After all keybase.io is a service which connects private
> data to private data of other sites and that all in the public. I
> would consider this a real priv
Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
On 01/15/2018 09:23 PM, Stefan Claas wrote:
No? I for one would like to be sure that i am the only person who
can upload my public key to a key server directory.
This seems to be based on a misconception whereby you're attributing
propertie
On 01/15/2018 09:23 PM, Stefan Claas wrote:
> No? I for one would like to be sure that i am the only person who
> can upload my public key to a key server directory.
This seems to be based on a misconception whereby you're attributing
properties of a certificate authority to the keyservers. OpenPG
Am 16.01.2018 um 10:18 schrieb Werner Koch:
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:
and add some funny things to "your" public key. This would be
also interesting to see how many signatures a public key can bear.
You may look at my key to see funny things and thousands of key
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:
> and add some funny things to "your" public key. This would be
> also interesting to see how many signatures a public key can bear.
You may look at my key to see funny things and thousands of key
signatures from made up users. They print a
Am 16.01.2018 um 00:32 schrieb Robert J. Hansen:
(Responding here because Stefan's message hasn't hit my mail server yet)
My previous message to you and the list was bounced from your mail server.
It's from 2003. It doesn't need modernization.
No? I for one would like to be sure that i am
On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:
> O.k. Werner invented WKD which solves those problems, if i'm not
> mistaken, but is it besides keybase.io widely deployed?
Nope. The Web Key Directory solves exactly one problem: How to
initially map a mail address to a key. This directo
(Responding here because Stefan's message hasn't hit my mail server yet)
>>> It's from 2003. It doesn't need modernization.
>>
>> No? I for one would like to be sure that i am the only person who can
>> upload my public key to a key server directory.
Which is not a modernization issue. It's a f
> On 15 Jan 2018, at 21:13, Matthias Mansfeld
> wrote:
>
> could this be implemented in a way that the _upload_ (not the
> spreading between keyservers) requires signing? (unless it is a
> revocation certificate)?
So long as there is one keyserver somewhere in the ecosystem that fails to
en
On 15 Jan 2018 at 21:23, Stefan Claas wrote:
> On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > > How long do we have now those old fashioned key servers
> >
> > SKS came out in 2003. It largely replaced PKS, which was widely
> > considered old and broken. SKS was Yaron Minsky'
On 15 Jan 2018 at 18:53, Andrew Gallagher wrote:
>
> > On 15 Jan 2018, at 16:39, Stefan Claas
> > wrote:
> >
> > Maybe we need (a court) case were a PGP user requests the removal of
> > his / her keys until the operators and code maintainers wake up?
>
> You also need to prove that removal is
On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > How long do we have now those old fashioned key servers
>
> SKS came out in 2003. It largely replaced PKS, which was widely
> considered old and broken. SKS was Yaron Minsky's Ph.D thesis,
> wherein he developed some really cuttin
> Correct, but would it be really a big loss if we would loose all the
> old fashioned key servers tomorrow? For me not.
I personally know Syrians and Iranians who have given me bear hugs at
conferences when they hear I'm involved with GnuPG, Enigmail, and am on
the periphery of SKS. A common th
> How long do we have now those old fashioned key servers
SKS came out in 2003. It largely replaced PKS, which was widely
considered old and broken. SKS was Yaron Minsky's Ph.D thesis, wherein
he developed some really cutting-edge math to make key sync fast and
reliable.
"Old-fashioned" is not
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
Already happened back in 2010.
https://lists.nongnu.org/archive/html/sks-devel/2010-09/msg9.html
___
Gnupg-use
> I was just thinking, would it be possible to have a tag (a UID with
> special meaning, like “please-remove...@srs-keyservers.net”?) for which
> the signature would be verified by the keyserver, and that would cause
> it to drop everything from its storage apart from this tag?
Nope. SKS has no c
On Mon, 15 Jan 2018 18:53:26 +, Andrew Gallagher wrote:
> > On 15 Jan 2018, at 16:39, Stefan Claas
> > wrote:
> >
> > Maybe we need (a court) case were a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?
>
> You also need to prove tha
On Mon, 15 Jan 2018 19:47:39 +0100, Peter Lebbing wrote:
> On 15/01/18 17:39, Stefan Claas wrote:
> > Maybe we need (a court) case were a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?
>
> Wow, you're entertaining an interesting notion o
> On 15 Jan 2018, at 16:39, Stefan Claas wrote:
>
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
You also need to prove that removal is technically possible. Otherwise all that
such a court case will ach
On 15/01/18 17:39, Stefan Claas wrote:
> Maybe we need (a court) case were a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?
Wow, you're entertaining an interesting notion of what is "needed"!
Let's hope most people will just let keyserver opera
sing in 2005 was labeled
> as "Remove public key from keyserver No.74"
>
>
> Sent: Monday, January 15, 2018 at 4:14 PM
> From: "Leo Gaspard"
> To: gnupg-users@gnupg.org
> Subject: Remove public key from keyserver (was: Re: Hide UID From
> Public Key Se
> That said I guess ideas like this have already
> likely been discussed before?
Good luck with that, the similar discussing has
been hold years and nothing ever changed. Last
time I checked, a discussing in 2005 was labeled
as "Remove public key from keyserver No.74"
Sent: Mo
On 01/15/2018 08:13 AM, Robert J. Hansen wrote:>> Since you can never remove
>> anything from the public key server, You are
>> wondering if you can add something to it -- for
>> example, add another 100 of UIDs with other
>> people's real name and emails so people can not
>> find out which one is
34 matches
Mail list logo
