duplicate keyid survey results

Hironobu SUZUKI hironobu@h2np.net
Sat Mar 9 05:05:01 2002

> Even so, the user can see their 64-bit keyid by adding the
> "--with-colons" option to the usual --list-keys or --list-sigs


> If you don't think this is the right way to go, what do you suggest
> as an alternative?  I think a warning is fine, but not returning one
> of the keys leaves the keyserver open for a denial of service
> attack.

I'd like to return only "Found duplicate keys" status to client. If
keyserver returns all of duplicate key contents to client, it can be
used another DoS attack.

Then, user can select two thing which are retrieve by 64-bit keyid or
via Web interface.

User may access an exact key via Web interface with database OID
number (this numbers are not appeared to user) to check key contents
and get it by their own risk.

Fyi: http://openpksd.org prepare Kaz's "pgpdump" interface to see
internal of key contents. 


Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net