Unwanted additions to Keys (was: Thawte Web-Of-Trust)

Huels, Ralf KSV Ralf.Huels@schufa.de
6 Jul 2000 15:05:29 +0200

> [...] they violate etiquette by adding unauthorized UIDs to one's
> key (I didn't *want* "Thawte Freemail Member" attached to my key),
That is a point that has been bugging me for quite some time about the public key infrastructure in general. If I´m not mistaken adding a UID is usually not an issue, because you need the private key but there is nothing that prevents e.g. a spammer from getting a load from the keyservers and signing every key with a key that has UIDs that endorse some product or other. Maybe this is a minor threat because PGP/GnuPG keys have little mass market impact, but that is SbO, isn´t it? ;-) On a more practical note I created an RSA key for compatibility reasons only to have my first signator sign it with a DSA key. Maybe it would hamper the entire concept of public key exchange too much, but sometimes I think some protocol to ascertain the key owners consent before tampering with the key is possible would be desirable. Tschuess, Ralf Sorry, if this is verging on the off-topic, but it seemed a propos. -- Ralf Hüls Bismarckplatz KSV Kreditschutz-Vereinigung GmbH 44866 Bochum Score-Consult Tel. 02327/9114-28 http://www.schufa.de/ Fax. 02327/8 40 27