Unwanted additions to Keys (was: Thawte Web-Of-Trust)

[Huels, Ralf KSV]

> [...] they violate etiquette by adding unauthorized UIDs to one's 
> key (I didn't *want* "Thawte Freemail Member" attached to my key),

That is a point that has been bugging me for quite some time about
the public key infrastructure in general. If I´m not mistaken adding
a UID is usually not an issue, because you need the private key but 
there is nothing that prevents e.g. a spammer from getting a load
from the keyservers and signing every key with a key that has UIDs
that endorse some product or other.
Maybe this is a minor threat because PGP/GnuPG keys have little mass
market impact, but that is SbO, isn´t it? ;-)
On a more practical note I created an RSA key for compatibility
reasons only to have my first signator sign it with a DSA key.

Maybe it would hamper the entire concept of public key exchange too
much, but sometimes I think some protocol to ascertain the key 
owners consent before tampering with the key is possible would 
be desirable.

Tschuess,
Ralf

Sorry, if this is verging on the off-topic, but it seemed a propos.

-- 
Ralf Hüls                                                  Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH                           44866 Bochum
Score-Consult                                         Tel. 02327/9114-28
http://www.schufa.de/                                 Fax. 02327/8 40 27