Several questions as feedback on gnupg
Wed Jan 23 16:47:02 2002
Content-Type: text/plain; charset=iso-8859-1
As I had lastly several opportunities to introduce people on GnuPG, they
asked me several questions, and I will try to reproduce them as
literally as I can. I also have several questions on my own that I will
- I've been told the different running keyservers do not support the
deletion of an uid. Do anyone can confirm this point ? Where can I
found the latest version of keyserver software used at this time ?
- Are you aware of legal restrictions in some countries concerning the
setup of a public keyserver ?
- I've read somewhere that some french people asked Werner to contact
french administration (SCSSI) to legalize the use of GnuPG in France.
There should be no theoretical problem, as PGP had been validated
lastly. Is that true, Werner ? Did you have the time to get
information on this topic ?=20
- I realized during a demonstration that no authentication is needed
when modifying the trust values, and in particular assigning a higher
trust value. Can't it be a problem ? If someone change the trust value
of his (or another) key that was in "no trust" mode, and set it as
"full trust", I will trust the signed keys without being warned i use
this key ; with this configuration, I should know what are the keys I=20
trust and so not rely on the othentications made by the software ...
- A friend of mine pointed out the problem that may occur with persons
who have a common name and surname. Let's suppose your name is "John Doe
firstname.lastname@example.org". Now, imagine there is another John Doe, that generates
a GnuPG key with *your* email address. If someone meets the latest,
they could check his ID or driving license or whatsoever, but finally
there would be no way for him to know it is *not* the John Doe related
to the "email@example.com" address, and worse, John "Charlie" Doe's key
would be legitimately signed by the third person, not yours. Is that
clear enough ? :o) This can still be a problem ... Maybe one day we
will have a thumbprint analysis tool that would complete our public
key recording ?
Maybe some of those points have been discussed below on this list, my
reading of it is quite cahotic. Please forgive me in this case.
Thank you for your reading and/or for the answers ...
PS : if some people planned to come to the french Linux-Expo next week,
I will be pleased to share fingerprints with them !
### Lo=EFc Bernable aka Leto -- firstname.lastname@example.org -- Parinux, April, LinuxFR #=
Please don't develop non-free software.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----