Ok. I give you now some ideas you may think about, or not.

As you may know modern sequoia-pgp (Testimonials by Mr Zimmermann) no longer uses the stupid WoT. Stupid keyservers like SKS are thankfully also dead.

The difference in CA sigs and a modern keyserver like Mailvelope and the difference between WoT signatures and SKS keyservers:

When I have a CA signature, based on our Government system and I upload my signed pub key to Mailvelope you have the *guarantee* that the key is from me and I have the guarantee that no one can add (spam) signatures. And I can delete my key (right to be forgotten).

When you are a fan of classic WoT signatures and SKS keyservers the following can happen.

A person, say a left-winger, uploads his pub key to SKS and asks a respected community member of OpenPGP if he signs his pub key and he does. Later the left-winger figures out that the signee was employed at two different NSA contractors, and he may feel a bit uncomfortable if this would be publicly known. These persons exist.

Another respected OpenPGP community member runs a private CA, which GnuPG users like. What the GnuPG users do not know is that he signs pub keys without notifying the people and not checking the people. Also real case. So what value have these signatures?

Fan sigs: Check Mr Zimmermann's or Mr Koch's key and do a reverse signature search and look how many these both have signed from their signees.

Let's assume you have minors, which you allow to use OpenPGP. Some little bastard of your daughter's friends appends nasty signatures to her pub key. Later she comes home and cries and asks daddy, please remove my key from keyservers. Same can happen to adults of course.

Ok, the last three cases won't happen with Mailvelope, but you get the idea.

Also OpenPGP is the only public key software, from many, and I mean many, which uses key signatures. Then you had openly shown communication paths, which should be nobody's business except yours and your friends. Before PGP was invented nobody had key signatures.

If OpenPGP could be used for business, like shopping etc., you would probably agree that in dispute cases etc. a CA sig from a Government has more weight than a couple of sigs nobody can really verify.

We both can probably discuss until we get blue in the face, but you see my points.

Regards
Stefan

On Mon, Oct 25, 2021 at 5:40 AM grarpamp <grarpamp@gmail.com> wrote:
This CA Service is run by Governikus, on behalf of our German Government (BSI)
You don't need to create keep grow prop up digitize worship and in general foolishly continue to put governments in power over you for this, or anything else.
PGP WoT works entirely independent of and has no need for Government database bullshit.
Create whatever keys for whatever nyms you aspire to, demonstrate and hold them out for others to sign to whatever degree they wish, hit send, and around the globe it goes. No Govt "authorities" DB's Bio-ID's etc needed.
even Werner Koch (Germany) the author of GnuPG does not use this system
Perhaps that's why he doesn't, and shouldn't.
for free
Nothing is ever free except charity, but you gave away that personal responsibility to Govt too, now they steal many times the amount from you, and fuck it up.
And in this case, "free" is being used as a scam to lure people into permanent central Bio-ID dependency structures GovCorp digital slavery and control systems, lifetime tracking spyveillance and datamining, and worse... and you're falling for it. That's very bad and never ends well, ever.