Unwanted additions to Keys (was: Thawte Web-Of-Trust)
Huels, Ralf KSV
6 Jul 2000 15:05:29 +0200
> [...] they violate etiquette by adding unauthorized UIDs to one's
> key (I didn't *want* "Thawte Freemail Member" attached to my key),
That is a point that has been bugging me for quite some time about
the public key infrastructure in general. If I'm not mistaken, adding
a UID is usually not an issue, because you need the private key, but
there is nothing that prevents e.g. a spammer from getting a load
from the keyservers and signing every key with a key that has UIDs
that endorse some product or other.

Maybe this is a minor threat because PGP/GnuPG keys have little mass
market impact, but that is SbO, isn't it? ;-)
On a more practical note I created an RSA key for compatibility
reasons only to have my first signator sign it with a DSA key.
Maybe it would hamper the entire concept of public key exchange too
much, but sometimes I think some protocol to ascertain the key
owner's consent before tampering with the key is possible would
Sorry, if this is verging on the off-topic, but it seemed a propos.
Ralf Hüls Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH 44866 Bochum
Score-Consult Tel. 02327/9114-28
http://www.schufa.de/ Fax. 02327/8 40 27