List Archival

[Stefan Claas]

On Sun, Oct 24, 2021 at 6:53 PM Punk-BatSoup-Stasi 2.0 <punks at tfwno.gf> wrote:
>
> On Sun, 24 Oct 2021 08:38:06 -0400
> Karl <gmkarl at gmail.com> wrote:
>
> > these contain signatures via a newer pgp key coderman's been emailing;
>
>
>         what makes you think that stuff signed by 'coderman' has any validity at all?

Correct, the only way currently in the OpenPGP ecosystem, is for users
in Germany,
with a German ID-card, containing a chip, and a secure mechanism, to prove that
this public key belongs to this person. And when the key pair is
directly burned on
a YubiKey or Nitrokey the private key can't be stolen, when used on a
compromised
online device. Probably the most secure way, but it still cannot
guaranty that I did the
signature when I supply a warrant canary and I am already dead and someone is
in possession of my (valid) ID-card and YubiKey+ credentials.

Regards
Stefan