Validating Sign Only Gpg Keys
Registered by
James Henstridge
The current system for claiming GPG keys relies on the ability to encrypt an email to the user with that key, as a way to prove that they have the secret key and can use it to decrypt the message.
This process fails if the key can't be used for encryption (i.e. can only be used for signing). A separate verification procedure would be needed to handle such keys.
Blueprint information
- Status:
- Complete
- Approver:
- Christian Reis
- Priority:
- Medium
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- James Henstridge
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- James Henstridge
- Completed by
- James Henstridge
Related branches
Whiteboard
(?)