> On 14 Jul 2018, at 09:34, Human at FlowCrypt <hu...@flowcrypt.com> wrote: > > > > Could this be mitigated by validating email addresses as they come in? > > > No, because ID fields are not required to be email addresses. > > Then let's drop keys that don't contain a valid email address in the key id.
You do realise that the largest use case for PGP keys is package distribution, and many well known package distributors deliberately use signing keys with no email address? A _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
