Several questions as feedback on gnupg
Wed Jan 23 19:21:01 2002
On Wed, Jan 23, 2002 at 04:45:10PM +0100, Loic Bernable wrote:
> - I've been told the different running keyservers do not support the
> deletion of an uid. Do anyone can confirm this point ? Where can I
> found the latest version of keyserver software used at this time ?
If you think about it you don't want to delete the UID anyway - removing
it from the keyservers does nothing to invalidate copies in people's
keyrings. Uploading a revocation certificate for the UID does that and
> - A friend of mine pointed out the problem that may occur with persons
> who have a common name and surname. Let's suppose your name is "John Doe
> firstname.lastname@example.org". Now, imagine there is another John Doe, that generates
> a GnuPG key with *your* email address. If someone meets the latest,
> they could check his ID or driving license or whatsoever, but finally
> there would be no way for him to know it is *not* the John Doe related
> to the "email@example.com" address, and worse, John "Charlie" Doe's key
> would be legitimately signed by the third person, not yours. Is that
> clear enough ? :o) This can still be a problem ... Maybe one day we
> will have a thumbprint analysis tool that would complete our public
> key recording ?
When validating the user ID you should validate the whole of the user
ID, including the e-mail address portion. Methods like showing that
encrypted mail to the e-mail address in the UID can be read could be
"You grabbed my hand and we fell into it, like a daydream - or a fever."