> I believe that public keys should be uploaded to a keyserver. That's why
> they are public.
>
> But it remains the sole privilege of the key owner to upload her/his
> key, or not.
Sure thing. I absolutely agree.
> What I am concerned with is the possibility that ignorant or
> ill-intended people will download my public key block to their computer,
> and either sign it and upload it to a key server without my knowledge
> (because they are *ignorant* of the GnuPG etiquette), or use the
> information (User ID) to create their own key faking my identity
> ("man-in-the-middle").
I'd like to know more about this. I have never heard of any GnuPG etiquette.
Not saying that there isn't any, but if you know more about that and what is
nice to do and what isn't - wouldn't it be great to have a wiki-page with that
information? What do you think? Worth a try? Afaik, you have a GitHub account,
right?
> The latter possibility (to fake my identity) is to be taken into
> consideration, and the risk should be taken.
What do you mean by that? Use your name and mail address and create a new key
pair with that information? That is possible and most likely can't be presented
why then again we have the web of trust and ability to sign keys.
> As for requesting to expressly sign-up for a mailing list, I believe it
> is good practice that should be enforced. Here too, it is the sole
> privilege of the list owner/maintainer/moderator/mom to request
> registration. GPGTools.org does not request registration, it is their
> privilege.
What do you mean by that? We should enforce signing-up? What is in your opinion
the downside of not enforcing that?
> Thank you for your attention and have a fine week,
same for you :)
steve
_______________________________________________
gpgtools-users mailing list
[email protected]
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe:
http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1
This email sent to: [email protected]
