Global Directory signatures (was Re: GPG wants to check trustdb every day)

Jason Harris jharris at widomaker.com
Thu Dec 30 05:35:12 CET 2004


On Wed, Dec 29, 2004 at 08:44:43PM -0500, David Shaw wrote:

> I rather like the notion of GPG keeping GPG clean, the keyservers
> keeping the keyservers clean, and so on.  So long as people aren't
> actively bridging keys between the GD and the keyserver net (which
> seems to be happening in my case, though I have no idea why someone
> would bother), this should be okay.

Good luck.  Each person who signed 0xCA57AD7C and uploaded their
signature for others to use:

  http://keyserver.kjsl.com:11371/pks/lookup?op=vindex&search=0xCA57AD7C

probably disagrees, unless keyserver.pgp.com is now secretly
infiltrating its keys into the regular public keyserver network.

Besides, using only keyserver.pgp.com isn't feasible if you care about
signatures from keys not registered with it.  This is because it now
implements "weak no-modify" in addition to being unsynchronized, whereas
in the past it was only because it stopped synchronizing with other
keyservers.

If signatures from 0xCA57AD7C were issued when a key is first verified
by GD and set to expire yearly (a la RobotCA), there wouldn't be a problem.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004