[OT] New keyserver

disastry at saiknes.lv disastry at saiknes.lv
Tue Sep 24 23:36:02 CEST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Jan-Benedict Glaw wrote:
> On Mon, 2002-09-23 16:48:22 +0200, disastry at saiknes.lv <disastry at saiknes.lv>
> wrote in message <3D8F29B6.ECB9E13 at saiknes.lv>:
> > keyserver does not need to sign keys,
> > however it would be nice if it could verify signatures, so that it can reject
> > userids without valid selfsig.
> 
> Seems I don't get the point. What's wrong with UIDs without
> self-signatures? Though, they're *not* what you think about them (being
> "valid" UIDs), but technically, everybody can attach any UIDs to any
> key.

yes, and exactly that is wrong.
can you tell any legitimate reason to allow everybody to attach any UIDs to any key?
key 0x00BBAA09 (on servers) shows it very well.

> ...and GnuPG doesn't trust UIDs without self-signatures, so
> everything is okay (from my point of view).
>
> What could be said is that it would be a nice feature to not transmit
> UIDs with missing self-sigs, because they're a) not worth anything and
> b) probably the result of bad kiddies. Am I wrong here?

no, but it's easier to reject them when importing, and the result is the same, IMHO.
(and you need to check sign only once - when importing, not every time - when transmitting).

well.. maybe there could be an exception - for keys with only one (and unsigned) UID - they may be accepted.

__
Disastry  http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPZBqDTBaTVEuJQxkEQN8gQCcC35qikrxlxVJoVOXQZrI5Mr/vtcAoJVC
gX2mXAVd0oZgKmHFp1K+y38G
=FipC
-----END PGP SIGNATURE-----
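The import-time policy discussed in this message, as an added sketch that is not part of the original post or of any keyserver's code: user IDs are checked once, when a key is submitted, and only those with a valid self-signature are stored. The class and function names, the key IDs and the sample key are constructed; `Sig.good` stands for the result of cryptographic verification, which is assumed to be done by an OpenPGP library, and reading "unsigned" as "carries no self-signature at all" is an assumption.

```python
from dataclasses import dataclass, field

CERT_CLASSES = range(0x10, 0x14)  # OpenPGP certification signature types 0x10-0x13

@dataclass
class Sig:
    issuer: str    # key ID of the key that made the signature
    sigclass: int  # OpenPGP signature type
    good: bool     # assumed: outcome of cryptographic verification by an OpenPGP library

@dataclass
class Uid:
    name: str
    sigs: list = field(default_factory=list)

def self_sigs(primary_id, uid):
    """Certifications on this UID that were issued by the key's own primary key."""
    return [s for s in uid.sigs
            if s.issuer == primary_id and s.sigclass in CERT_CLASSES]

def filter_on_import(primary_id, uids):
    """Decide once, at import, which UIDs of a submitted key are stored.

    Returns (kept, rejected) lists of UID names. Only the kept ones are stored,
    so nothing has to be verified again when the key is transmitted.
    """
    kept, rejected = [], []
    for uid in uids:
        own = self_sigs(primary_id, uid)
        if any(s.good for s in own):
            kept.append(uid.name)        # valid self-signature
        elif len(uids) == 1 and not own:
            kept.append(uid.name)        # exception: the key's only UID, unsigned
        else:
            rejected.append(uid.name)    # no self-signature, or it does not verify
    return kept, rejected

# Constructed sample: key IDs and user IDs are placeholders, not real keys.
OWNER, OTHER = "1111111111111111", "2222222222222222"
SAMPLE = [
    Uid("Alice <alice@example.org>", [Sig(OWNER, 0x13, True)]),
    Uid("Attached by someone else", [Sig(OTHER, 0x10, True)]),  # third-party sig only
    Uid("Tampered <t@example.org>", [Sig(OWNER, 0x13, False)]), # self-sig fails to verify
]

if __name__ == "__main__":
    print(filter_on_import(OWNER, SAMPLE))
```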




More information about the Gnupg-devel mailing list