Got my OpenPGP Key email IDs certified with my European eID through the German AusweisApp2 software made by Governikus - Check out their service here:

@johanbove I don't understand what's the point of applying a centralized/hierarchical structure over a decentralized/federated one? I wonder if that's good for the PGP's "web of trust" or it's a step that weakens/substitutes/centralizes it...

@txopi OpenPHP Keys on their own don't mean much, they become trustworthy when other parties certify the authenticity. My OpenPGP Key is still fully under my control. What I was able to do is add a verified and certified authority (Governikus is an official German government contractor which built the AusweisApp2) to confirm that this openPGP key is in fact part of my digital identity and that is an important link in the Web Of Trust, as it is linked to my official government issued identity.

@johanbove perhaps we build "trust" on a different way. For me a key signed by a friend of mine I trust, is more trustworthy than a key certified/signed by a third party that certifies/signs all the identities it creates in the very moment of its creation. I don't know if I can explain this...

For me the (Open)PGP web of trust is a web (not a tree) and is the most trustworthy way to certify identities.

@txopi Of course - this certification is completely optional and I agree that the Web Of Trust should be a human network first. This Governikus certification is only an extra node in the trust network that should exist between openPGP keys. Something I haven't had much experience with actually as not many of my contacts actually use OpenPGP.

@txopi I'm reading the GPG4Win Compendium 3.0.0 and there is a whole chapter on "Certificate Inspection" (11) - Sharing the manual here: bafybeicfblrqq6l4ipiozjvclwjkc

Sign in to participate in the conversation

INDIEWEB.SOCIAL is an instance focused on the #Openeb, #Indieweb, #Fediverse, #Mastodon #Selfsovereign #identity (#SSI), #Humanetech and #Calm technologies evolution.