Unwanted additions to Keys
Huels, Ralf KSV
Ralf.Huels@schufa.de
7 Jul 2000 08:18:41 +0200
> You are mistaken. Anyone can add user-ids to any key. An implementation of
> OpenPGP done correctly will ignore user-ids that do not have valid
> self-signatures (IMHO), and you need the private key to make a
> self-signature, but that doesn't stop someone from adding a user-id to a
> key.
Ok. I tried adding a UID to someones key in GnuPG before my last message
and got a reject. I assumed that it was an OpenPGP feature but apparently
it´s just a GnuPG feature.
> Been done. There is an "owner-update-only" flag in OpenPGP that the user
> can select, so that no one can update his key on the keyservers but
> himself.
I see. It does not seem to be widely advertised or even (as Werner pointed
out) widely used by the servers.
Tschuess,
Ralf
--
Ralf Hüls Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH 44866 Bochum
Score-Consult Tel. 02327/9114-28
http://www.schufa.de/ Fax. 02327/8 40 27