[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emailselfdefense.fsf.org indirectly recommends a proprietary service
Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through the new Enigmail defaults
Mon, 28 Oct 2019 19:35:11 +0530
* Dmitry Alexandrov <email@example.com> [2019-10-28 17:53]:
> In particular, the SKS keyserver network — the de-facto standard for
> years — is not, it is a decentralized replicated network — like
> Usenet; while keys.openpgp.org, to carry on the analogy, is like
Yes, I would say it should be decentralized. But I see the problem and
that problem is temporarily solved by that service.
Maybe they bound Enigma plugin to that service. I can see that, but
that is at this time point, when SKS servers are buggy, better
solution, at least so they say.
However, GnuPG and PGP is totally decentralized, PGP keys are
decentralized, relying on any server cannot be trusted. PGP trust
process shall involve verification of signatures, fingerprint.
> Maybe. In meantime, SKS is _fully operational_.
Is the security problem solved?
> FWIW, I got your key from SKS network and have no idea, where else I
> could. You, I suppose, got mine in the same way.
You would ask person. That is number one. You could find keys on
websites, but in general you ask people.
Finding key on the server is not essential. I do not even know did I
publish it or not, I do not know.
In my group we communicate by using PGP, but we did not publish our
keys to servers, makes no sense and there is no demand for that. Keys
can be exchanged by chat, email, or by using websites.
Description: PGP signature