Unwanted additions to Keys

Huels, Ralf KSV Ralf.Huels@schufa.de
7 Jul 2000 08:18:41 +0200

> You are mistaken. Anyone can add user-ids to any key. An implementation of
> OpenPGP done correctly will ignore user-ids that do not have valid
> self-signatures (IMHO), and you need the private key to make a
> self-signature, but that doesn't stop someone from adding a user-id to a
> key.
Ok. I tried adding a UID to someones key in GnuPG before my last message and got a reject. I assumed that it was an OpenPGP feature but apparently it´s just a GnuPG feature.
> Been done. There is an "owner-update-only" flag in OpenPGP that the user
> can select, so that no one can update his key on the keyservers but
> himself.
I see. It does not seem to be widely advertised or even (as Werner pointed out) widely used by the servers. Tschuess, Ralf -- Ralf Hüls Bismarckplatz KSV Kreditschutz-Vereinigung GmbH 44866 Bochum Score-Consult Tel. 02327/9114-28 http://www.schufa.de/ Fax. 02327/8 40 27