🇨🇵 fr : Heye, les amis du #Fediverse, je me pose des questions sur les usages #GPG à l'approche de la #KeySigningParty (#KSP) du @capitoledulibre.
Nous sensibilisons et veillons désormais à éviter que nos coordonnées se retrouvent dans les annuaires des GAFAM pour être utilisées pour de la pub ciblée, etc.
Pourtant, il est d'usage de placer nos clés sur un #KeyServer public, rendant accessible (même par script) notre #WebOfThrust, donc nos contacts et e-mails.
Est-ce approprié, aujourd'hui ?
🇬🇧 en : Heye, #Fediverse fellows, I am having questions about #GPG usages now that the #KeySigningParty (#KSP) during @capitoledulibre is coming soon.
We care and endeavor to care about our personal information not to land within GAFAM* address books, since they will be used for target marketing and more.
However, it's common practice to upload our keys on a public #KeyServer, allowing access (even by scripts) to our #WebOfThrust, thus our contacts and e-mails.
Is it still appropriate today ?
🇲🇫 fr : Merci d'avance pour vos réflexions sur ce sujet. Il est vrai qu'à l'époque, il était courant d'avoir nos noms, adresses et n° de téléphone dans un annuaire public.
Nous avions certainement pour rêve de construire un Internet ouvert, bâti sur la confiance.
Comment nous y prendre aujourd'hui ?
🇬🇧 en : Thanks in advance for any input about this. Earlier, it was common to have our names, phone and address in public access.
We dreamt about an open an thrustful Internet
How to act today ?
@[email protected] It's a good practice to send the signed key to the key owner in an encrypted e-mail and let the owner decide if they want to upload the key or not so it's *not* strictly necessary to use keyservers. But note that *anyone can* upload the key anyway.
Another possibility is generating key without e-mail, with just a name.
There is work being done to remove UIDs (names+emails) from keyservers entirely (https://wiki.gnupg.org/EmailSummit2018Notes) but this will take some time...
🏰Christophe S.❄IceEnchanter🦢
Wiktor