Key server security considerations / Certification Authorities

[Johan Wevers]

christian@jacken.net wrote:

> how do I prevent someone else to create a key in my name and to send it to a
> key server to mislead third parties?

You can't.

> And is anyone aware of a Trust Center (Certification Authority) which would
> sign a GnuPG key created by me?

I have no idea. And I'm not very interested neither. "Thrusted" third
parties are nice for e-commerce, but they are very _UN_trusted when it
comes to protection against government agancies.

> I visited signtrust.deutschepost.de for example, however they only sign keys
> that they have created,

So they also have your secret key. Very practical when the government wants
to know things about you, like in Germany, what you were discussing with
that member of a forbidden political party.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html