PGP Global Directory

Jason Harris jharris at
Mon Dec 13 20:23:17 CET 2004

On Sun, Dec 12, 2004 at 06:36:34PM -0600, Stewart V. Wright wrote:
> G'day Neil,
> * Neil Williams <linux at> [041212 06:30]:
> > Rumour:
> > Keys uploaded to the new keyserver result in an email to the main email 
> > address of the key to see if the email address in the key actually exists and 
> > is functional and, if so, the key is signed by PGP's Global Directory 
> > Verification Key.
> Well, in my experience this is probably the stupidest keyserver (or 
> coders?) on the net.
> I received an email asking me to verify a key that has been revoked!

Even worse, since the "challenges" aren't encrypted to the [Open]PGP
key being "verified," they aren't even verifying that the keys can be
used for "opportune encryption."  (Has anyone tried registering a
signing-only key with this keyserver yet?  :)

RobotCA, , encrypts its "challenges"
to GPG's choice of encryption [sub]key for the [pub]key, so a
decrypted, published signature from RobotCA means the key was useful
for encryption when and as it was submitted to RobotCA and for
subsequent decryption by a/the keyholder. doesn't issue signatures but should be able
to support HKP-style key lookups for keys it verifies (by emailing an
encrypted "challenge" at signup) fairly easily.

Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at _|_ web:
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041213/ee84afa0/attachment.bin

More information about the Gnupg-users mailing list