Date: Sun, 10 Dec 2017 16:31:53 -0500
From: Phil Pennock <oss-security-phil@...dhuis.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Recommendations GnuPG-2 replacement

On 2017-12-10 at 14:16 +0100, Marcus Brinkmann wrote:
> Another idea I am contemplating is running my own little keyserver that
> does only email verification.  It's like registering for a website, but
> without a website.  People are familiar with the concept, it gives at
> least the assurance that somebody (me) verified the email address, and
> it allows revocation.

Prior art to consider and inform your decisions:

 * 0x9710B89BCA57AD7C -- PGP Global Directory Verification Key
   + Now part of Symantec; upload key, do verification steps via email,
     get signature
 * 0x2BAE3CF6DAFFB000 -- ct magazine -- pgpCA@...heise.de
   + Some years back a German technical magazine apparently made a big
     push to get people using OpenPGP and had their own verification
     service
 * WKS in the current (>= 2.1.15) GnuPG releases, built with optional
   ./configure flag, <https://wiki.gnupg.org/WKS>
   + Software to be run by the mail-provider for a given domain, to act
     as a trusted introducer and move away from the public keyservers.
     Like finger:// but without shell access to set .pubkey|.plan files.
     Requires a fair bit of setup, if nothing ships with support
     out-of-the-box.  Is one of the auto-key-locate options for GnuPG,
     under name `wkd`.  KMail has built-in support

Good luck!
-Phil
